Critical severityNVD Advisory· Published Sep 22, 2021· Updated Aug 3, 2024

CVE-2021-31819

Description

In Halibut versions prior to 4.4.7 there is a deserialisation vulnerability that could allow remote code execution on systems that already trust each other based on certificate verification.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
HalibutNuGet	< 4.4.7	4.4.7

Affected products

Octopus/Halibutv5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-hpf7-4c2g-9chfghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2021-31819ghsaADVISORY
advisories.octopus.com/adv/2021-08---Remote-Code-Execution-via-Deserialisation-in-the-Halibut-Protocol-%28CVE-2021-31819%29.2250309681.htmlmitrex_refsource_MISC
advisories.octopus.com/adv/2021-08---Remote-Code-Execution-via-Deserialisation-in-the-Halibut-Protocol-(CVE-2021-31819).2250309681.htmlghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000