Skip to main content

S3Ql

2 CVEs product

Monthly

CVE-2018-12088 HIGH POC PATCH This Week

S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacker who controls the backend can present old versions of the filesystem metadata database as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection S3Ql
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2014-0485 HIGH POC This Week

S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Code Injection S3Ql
NVD
CVSS 2.0
7.5
EPSS
1.6%
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacker who controls the backend can present old versions of the filesystem metadata database as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection S3Ql
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Code Injection +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy