CVE-2023-44440
Ashlar-Vellum Lithium Uncontrolled Search Path Element Remote Code Execution Vulnerability
CVSS Score
7.8
EPSS Score
0.0%
EPSS Percentile
0th
Ashlar-Vellum Lithium Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Lithium. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-21680.
| CWE | CWE-427 |
| Vendor | ashlar-vellum |
| Product | lithium |
| Published | May 3, 2024 |
| Last Updated | Sep 18, 2024 |
Stay Ahead of the Next One
Get instant alerts for ashlar-vellum lithium
Be the first to know when new high vulnerabilities affecting ashlar-vellum lithium are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Versions
Ashlar-Vellum / Lithium
Lithium v12 Beta Build 1204.68