7.8 HIGH
- CVSS version (CVSS): 3.0
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): Required (R)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): High (H)
Activity log
- Created suggestion
MosaicML Composer Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of MosaicML Composer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of checkpoints. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27990.
References
- ZDI-26-384 x_research-advisory
- vendor-provided URL vendor-advisory
Affected products
- ==0.32.1
Matching in nixpkgs
pkgs.subtitlecomposer
Open source text-based subtitle editor
pkgs.phpPackages.composer
Dependency Manager for PHP
pkgs.php82Packages.composer
Dependency Manager for PHP
pkgs.php83Packages.composer
Dependency Manager for PHP
pkgs.php84Packages.composer
Dependency Manager for PHP
pkgs.php85Packages.composer
Dependency Manager for PHP
pkgs.composer-require-checker
CLI tool to check whether a specific composer package uses imported symbols that aren't part of its direct composer dependencies
pkgs.haskellPackages.gogol-composer
Google Cloud Composer SDK
pkgs.phpPackages.cyclonedx-php-composer
Composer plugin that facilitates the creation of a CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects
pkgs.php82Packages.cyclonedx-php-composer
Composer plugin that facilitates the creation of a CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects
pkgs.php83Packages.cyclonedx-php-composer
Composer plugin that facilitates the creation of a CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects
pkgs.php84Packages.cyclonedx-php-composer
Composer plugin that facilitates the creation of a CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects
pkgs.php85Packages.cyclonedx-php-composer
Composer plugin that facilitates the creation of a CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects
pkgs.phpPackages.composer-local-repo-plugin
Composer plugin that facilitates the creation of a local composer type repository
pkgs.php82Packages.composer-local-repo-plugin
Composer plugin that facilitates the creation of a local composer type repository
pkgs.php83Packages.composer-local-repo-plugin
Composer plugin that facilitates the creation of a local composer type repository
pkgs.php84Packages.composer-local-repo-plugin
Composer plugin that facilitates the creation of a local composer type repository
Package maintainers
- @patka-123 patka <patka@patka.dev>
- @Ma27 Maximilian Bosch <maximilian@mbosch.me>
- @piotrkwiecinski Piotr Kwiecinski <piokwiecinski+nixpkgs@gmail.com>
- @aanderse Aaron Andersen <aaron@fosslib.net>
- @talyz Kim Lindberger <kim.lindberger@gmail.com>
- @kugland André Kugland <kugland@gmail.com>