CVE-2018-6331 Vulnerability Details
/
/
/
CVE-2018-6331 Metadata Quick Info
CVE Published: 31/12/2018 |
CVE Updated: 05/08/2024 |
CVE Year: 2018
Source: facebook |
Vendor: Facebook |
Product: Buck
Status : PUBLISHED
CVE-2018-6331 Description
Buck parser-cache command loads/saves state using Java serialized object. If the state information is maliciously crafted, deserializing it could lead to code execution. This issue affects Buck versions prior to v2018.06.25.01.
Metrics
CVSS Version: 3.1 |
Base Score: n/a
Vector: n/a
l➤ Exploitability Metrics:
Attack Vector (AV)*
Attack Complexity (AC)*
Privileges Required (PR)*
User Interaction (UI)*
Scope (S)*
l➤ Impact Metrics:
Confidentiality Impact (C)*
Integrity Impact (I)*
Availability Impact (A)*
Weakness Enumeration (CWE)
CWE-ID: CWE-502
CWE Name: Deserialization of Untrusted Data (CWE-502)
Source: Facebook
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC-ID:
CAPEC Description: