First published: Mon May 16 2022
JFrog Artifactory before 7.36.1 and 6.23.41 is vulnerable to insecure deserialization of untrusted data, which can lead to DoS, privilege escalation and remote code execution when a specially crafted request is sent by a low-privileged authenticated user, due to insufficient validation of a user-provided serialized object.
Credit: reefs@jfrog.com
Affected Software | Affected Version | How to fix
---|---|---
JFrog Artifactory | >=6.0.0, <6.23.41 | Upgrade to 6.23.41 or later
JFrog Artifactory | >=7.0.0, <7.17.16 | Upgrade to 7.36.1 or later
JFrog Artifactory | >=7.18.0, <7.18.12 | Upgrade to 7.36.1 or later
JFrog Artifactory | >=7.19.0, <7.19.13 | Upgrade to 7.36.1 or later
JFrog Artifactory | >=7.21.0, <7.21.25 | Upgrade to 7.36.1 or later
JFrog Artifactory | >=7.25.0, <7.25.9 | Upgrade to 7.36.1 or later
JFrog Artifactory | >=7.27.0, <7.27.15 | Upgrade to 7.36.1 or later
JFrog Artifactory | >=7.29.0, <7.29.10 | Upgrade to 7.36.1 or later
JFrog Artifactory | >=7.31.0, <7.31.16 | Upgrade to 7.36.1 or later
JFrog Artifactory | >=7.33.0, <7.33.12 | Upgrade to 7.36.1 or later
JFrog Artifactory | >=7.34.0, <7.34.4 | Upgrade to 7.36.1 or later
JFrog Artifactory | =7.35.0 | Upgrade to 7.36.1 or later
JFrog Artifactory | =7.36.0 | Upgrade to 7.36.1 or later
The vulnerability ID for this vulnerability is CVE-2022-0573.
The severity of CVE-2022-0573 is high (8.8).
JFrog Artifactory versions before 7.36.1 and 6.23.41 are affected by CVE-2022-0573.
Exploiting CVE-2022-0573 can lead to Denial of Service (DoS), Privilege Escalation, and Remote Code Execution.
To fix CVE-2022-0573, upgrade JFrog Artifactory to version 7.36.1 or later (7.x line) or 6.23.41 or later (6.x line).