CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-36480 – Aerospike Java Client vulnerable to unsafe deserialization of server responses
https://notcve.org/view.php?id=CVE-2023-36480
The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 some of the messages received from the server contain Java objects that the client deserializes when it encounters them without further validation. Attackers that manage to trick clients into communicating with a malicious server can include especially crafted objects in its responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running on. Versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 contain a patch for this issue. • https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/async/AsyncRead.java#L68 https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/async/NettyCommand.java#L1157 https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/async/NettyCommand.java#L489 https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/cl • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 84%CPEs: 6EXPL: 6CVE-2020-13151 – Aerospike Database 5.1.0.3 - OS Command Execution
https://notcve.org/view.php?id=CVE-2020-13151
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute() calls, but this is insufficient. Anyone with network access can use a crafted UDF to execute arbitrary OS commands on all nodes of the cluster at the permission level of the user running the Aerospike service. Aerospike Community Edition versión 4.9.0.5, permite el envío y la ejecución no autenticada de funciones definidas por el usuario (UDF), escritas en Lua, como parte de una consulta de base de datos. Intenta restringir la ejecución del código al deshabilitar las llamadas a la función os.execute(), pero esto es insuficiente. • https://www.exploit-db.com/exploits/49067 https://github.com/b4ny4n/CVE-2020-13151 http://packetstormsecurity.com/files/160106/Aerospike-Database-5.1.0.3-Remote-Command-Execution.html http://packetstormsecurity.com/files/160451/Aerospike-Database-UDF-Lua-Code-Execution.html https://b4ny4n.github.io/network-pentest/2020/08/01/cve-2020-13151-poc-aerospike.html https://www.aerospike.com/docs/operations/configure/security/access-control/index.html#create-users-and-assign-roles https://www.aerospike.com&# • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10558
https://notcve.org/view.php?id=CVE-2016-10558
aerospike is an Aerospike add-on module for Node.js. aerospike versions below 2.4.2 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. aerospike es un módulo add-on de Aerospike para Node.js. Las versiones anteriores a la 2.4.2 de aerospike descargan recursos binarios por HTTP, lo que hace que el módulo sea vulnerable a ataques MitM. Podría ser posible provocar la ejecución remota de código (RCE) cambiando el binario solicitado por otro controlado por el atacante si éste está en la red o posicionado entre el usuario y el servidor remoto. • https://nodesecurity.io/advisories/167 • CWE-310: Cryptographic Issues CWE-311: Missing Encryption of Sensitive Data •