CVE-2022-23734

CVE-2022-23734: Deserialization of Untrusted Data vulnerability in GitHub Enterprise Server leading to Remote Code Execution

Vendor Github
Product GitHub Enterprise Server
Weakness CWE-502 · Unsafe deserialization
Published October 19, 2022
Last update May 9, 2025
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. To exploit this vulnerability, an attacker would need to gain access via a server-side request forgery (SSRF) that would let an attacker control the data being deserialized. This vulnerability affected all versions of GitHub Enterprise Server prior to v3.6 and was fixed in versions 3.5.3, 3.4.6, 3.3.11, and 3.2.16. This vulnerability was reported via the GitHub Bug Bounty program.

Key dates

02Disclosure timeline

October 19, 2022 CVE published
May 9, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-21703 Azure Data Box Gateway Remote Code Execution Vulnerability CVE-2025-2332 Export All Posts, Products, Orders, Refunds & Users <= 2.13 - Unauthenticated PHP Object Injection CVE-2025-7216 lty628 Aidigu PHP Object common.php checkUserCookie deserialization CVE-2025-3439 Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.1 - Unauthenticated PHP Object Injection CVE-2021-39152 A Server-Side Forgery Request vulnerability in XStream via HashMap unmarshaling