Remote Code Execution in Halibut

GHSA-hpf7-4c2g-9chf · CVE-2021-31819

Published Sep 23, 2021 · Modified Nov 8, 2023

Description

In Halibut versions prior to 4.4.7 there is a deserialisation vulnerability that could allow remote code execution on systems that already trust each other based on certificate verification.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-31819
WEB https://advisories.octopus.com/adv/2021-08---Remote-Code-Execution-via-Deserialisation-in-the-Halibut-Protocol-(CVE-2021-31819).2250309681.html
PACKAGE https://github.com/OctopusDeploy/Halibut

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes