{"id":"GHSA-hpf7-4c2g-9chf","summary":"Remote Code Execution in Halibut","details":"In Halibut versions prior to 4.4.7 there is a deserialisation vulnerability that could allow remote code execution on systems that already trust each other based on certificate verification.","aliases":["CVE-2021-31819"],"modified":"2023-11-01T04:55:21.579800Z","published":"2021-09-23T23:17:07Z","database_specific":{"github_reviewed":true,"github_reviewed_at":"2021-09-23T17:18:19Z","cwe_ids":["CWE-502"],"severity":"CRITICAL","nvd_published_at":"2021-09-22T02:15:00Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31819"},{"type":"WEB","url":"https://advisories.octopus.com/adv/2021-08---Remote-Code-Execution-via-Deserialisation-in-the-Halibut-Protocol-(CVE-2021-31819).2250309681.html"},{"type":"PACKAGE","url":"https://github.com/OctopusDeploy/Halibut"}],"affected":[{"package":{"name":"Halibut","ecosystem":"NuGet","purl":"pkg:nuget/Halibut"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.7"}]}],"versions":["1.0.1.10","1.0.1.11","1.0.1.12","1.0.1.13","1.0.1.14","1.0.1.15","1.0.1.16","1.0.1.17","1.0.1.18","1.0.1.3","1.0.1.4","1.0.1.7","1.0.1.8","1.0.1.9","1.0.2.19","1.0.2.20","1.0.2.21","1.0.2.22","1.0.2.23","1.0.2.24","1.0.2.25","1.0.2.26","1.0.2.27","1.0.2.28","1.0.2.29","1.0.2.30","1.0.2.31","1.0.2.32","1.0.2.33","1.0.2.34","1.0.2.35","1.0.2.36","1.0.2.37","1.0.2.38","1.0.2.39","1.0.2.40","2.0.1.41","2.0.1.42","2.0.1.43","2.0.1.44","2.0.1.45","2.0.1.46","2.0.1.47","2.0.2.48","2.1.0.49","2.1.0.52","2.2.0.53","2.2.0.54","2.2.0.55","2.2.2","2.2.3","2.3.0","2.4.0","2.4.1","2.4.10","2.4.11","2.4.15","2.4.18","2.4.2","2.4.2-bug-proxyselect-0001","2.4.3","2.4.9","2.5.0","3.0.4","4.0.0","4.0.1","4.0.2","4.0.3","4.0.4","4.0.5","4.0.6","4.0.7","4.0.8","4.0.9","4.1.0","4.2.0","4.2.1","4.2.11","4.2.2","4.2.3","4.2.4","4.2.7","4.2.8","4.2.9","4.3.0","4.3.1","4.3.12","4.3.13","4.3.14","4.3.15","4.3.16","4.3.17","4.3.18","4.3.19","4.3.2","4.3.21","4.3.22","4.3.23","4.3.24","4.3.25","4.3.26","4.3.27","4.3.28","4.3.29","4.3.3","4.3.31","4.3.32","4.3.33","4.3.34","4.3.4","4.3.5","4.3.6","4.3.7","4.3.8","4.4.0","4.4.1","4.4.2","4.4.3","4.4.4","4.4.5","4.4.6"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-hpf7-4c2g-9chf/GHSA-hpf7-4c2g-9chf.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}