Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1ocGY3LTRjMmctOWNoZs0V-A

Remote Code Execution in Halibut

In Halibut versions prior to 4.4.7 there is a deserialisation vulnerability that could allow remote code execution on systems that already trust each other based on certificate verification.

Permalink: https://github.com/advisories/GHSA-hpf7-4c2g-9chf
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ocGY3LTRjMmctOWNoZs0V-A
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 2 years ago
Updated: about 1 year ago

CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-hpf7-4c2g-9chf, CVE-2021-31819
References:

Blast Radius: 1.0

Affected Packages

nuget:Halibut

Dependent packages: 0
Dependent repositories: 0
Downloads: 575,137 total
Affected Version Ranges: < 4.4.7
Fixed in: 4.4.7
All affected versions: 2.2.2, 2.2.3, 2.3.0, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.9, 2.4.10, 2.4.11, 2.4.15, 2.4.18, 2.5.0, 3.0.4, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.1.0, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.7, 4.2.8, 4.2.9, 4.2.11, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.3.12, 4.3.13, 4.3.14, 4.3.15, 4.3.16, 4.3.17, 4.3.18, 4.3.19, 4.3.21, 4.3.22, 4.3.23, 4.3.24, 4.3.25, 4.3.26, 4.3.27, 4.3.28, 4.3.29, 4.3.31, 4.3.32, 4.3.33, 4.3.34, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.4.6
All unaffected versions: 4.4.7, 4.4.8, 4.4.9, 4.4.10, 4.4.11, 4.4.12, 4.4.14, 4.4.793, 4.4.831, 4.5.8, 4.5.17, 4.5.21, 4.5.23, 4.5.64, 4.5.66, 4.5.86, 5.0.1, 5.0.24, 5.0.26, 5.0.27, 5.0.30, 5.0.32, 5.0.40, 5.0.44, 5.0.47, 5.0.49, 5.0.52, 5.0.54, 5.0.56, 5.0.66, 5.0.97, 5.0.128, 5.0.205, 5.0.231, 5.0.236, 5.0.305, 5.0.341, 5.0.345, 5.0.381, 5.0.399, 5.0.411, 5.0.424, 5.0.429, 5.0.440, 5.0.464, 6.0.1, 6.0.11, 6.0.28, 6.0.29, 6.0.30, 6.0.35, 6.0.57, 6.0.64, 6.0.89, 6.0.100, 6.0.115, 6.0.128, 6.0.140, 6.0.156, 6.0.157, 6.0.171, 6.0.173, 6.0.183, 6.0.187, 6.0.191, 6.0.200, 6.0.204, 6.0.211, 6.0.220, 6.0.225, 6.0.234, 6.0.235, 6.0.241, 6.0.253, 6.0.255, 6.0.258, 6.0.268, 6.0.272, 6.0.282, 6.0.286, 6.0.314, 6.0.318, 6.0.322, 6.0.359, 6.0.377, 6.0.399, 6.0.403, 6.0.414, 6.0.425, 6.0.431, 6.0.433, 6.0.436, 6.0.439, 6.0.443, 6.0.449, 6.0.465, 6.0.468, 6.0.501, 6.0.509, 6.0.510, 6.0.519, 6.0.553, 6.0.555, 6.0.556, 6.0.569, 6.0.570, 6.0.576, 6.0.589, 6.0.592, 6.0.593, 6.0.600, 6.0.601, 6.0.604, 6.0.605, 6.0.610, 6.0.611, 6.0.620, 6.0.631, 6.0.653, 6.0.658, 6.0.677, 6.0.680, 6.0.687, 6.0.696, 6.0.701, 6.0.707, 6.0.709, 6.0.719, 6.0.726, 6.0.748, 6.0.757, 6.0.773, 6.0.790, 6.0.796, 6.0.847, 6.0.856, 6.0.870, 6.0.872, 6.0.883, 6.0.885, 6.0.888, 6.0.889, 6.0.892, 6.0.899, 6.0.910, 6.0.911, 6.0.914, 6.0.929, 6.0.937, 6.0.939, 6.0.942, 6.0.946, 6.0.953, 6.0.959, 6.0.973, 6.0.991, 6.0.992, 6.0.998, 6.0.999, 6.0.1002, 6.0.1020, 6.0.1021, 6.0.1022, 6.0.1029, 6.0.1033, 6.0.1040, 6.0.1043, 6.0.1055, 6.0.1062, 6.0.1066, 6.0.1069, 6.0.1080, 6.0.1081, 6.0.1086, 6.0.1097, 6.0.1106, 6.0.1112, 6.0.1114, 6.0.1119, 6.0.1129, 6.0.1133, 6.0.1136, 6.0.1152, 6.0.1163, 6.0.1167, 6.0.1171, 6.0.1183, 6.0.1189, 6.0.1205, 6.0.1207, 6.0.1213, 6.0.1248, 6.0.1249, 6.0.1255, 6.0.1258, 6.0.1261, 6.0.1273, 6.0.1277, 6.0.1291, 6.0.1306, 6.0.1307, 6.0.1324, 6.0.1325, 6.0.1328, 6.0.1339, 6.0.1349, 6.0.1353, 6.0.1365, 6.0.1372, 6.0.1393, 6.0.1396, 6.0.1401, 6.0.1415, 6.0.1439, 6.0.1450, 6.0.1457, 6.0.1503, 6.0.1505, 6.0.1517, 6.0.1543, 6.0.1558, 7.0.1, 7.0.11, 7.0.45, 7.0.67, 7.0.74, 7.0.77, 7.0.88, 7.0.113, 7.0.144, 7.0.161, 7.0.174, 7.0.175, 7.0.179, 7.0.190, 7.0.194, 7.0.209, 7.0.256, 7.0.280, 7.0.284, 7.0.285, 7.0.295, 7.0.308, 7.0.318, 7.0.327, 7.0.331, 7.0.336, 7.0.356, 7.0.359, 7.0.361, 7.0.368, 7.0.380, 7.0.410, 7.0.416, 7.0.449, 7.0.456, 7.0.459, 7.0.460, 7.0.465, 7.0.490, 7.0.539, 7.0.603, 7.0.616, 7.0.620