🔐 CVE Alert

CVE-2024-28212

CRITICAL 9.8
CVSS Score
9.8
EPSS Score
0.0%
EPSS Percentile
0th

nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization.

CWE CWE-502
Vendor naver
Product ngrinder
Published Mar 7, 2024
Last Updated Aug 12, 2024
Stay Ahead of the Next One

Get instant alerts for naver ngrinder

Be the first to know when new critical vulnerabilities affecting naver ngrinder are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

NAVER / nGrinder
All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗
cve.naver.com: https://cve.naver.com/detail/cve-2024-28212.html

Credits

Peter Stöckli of GitHub Security Lab