What the vulnerability does
Description
Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Code Injection. This issue affects JetEngine: from n/a through <= 3.7.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
JetEngine versions up to 3.7.0 contain a privilege escalation vulnerability that allows authenticated users with low privileges to gain high-level access to the site. The vulnerability requires specific attack conditions but can result in complete compromise of site data and functionality. Administrators should update to a version newer than 3.7.0 immediately.
What an attacker can do
Read, modify, or delete site data; run code on the site; affect site availability.
Potential impact on your site
Compromised user accounts, data theft, malware injection, or site downtime if exploited.
Conditions required to exploit
Attacker must have a low-privilege user account; specific attack conditions must be met.
Key dates
External resources