Deserialization Vulnerability in Inikulin Replicator Allows Remote Code Execution

Deserialization Vulnerability in Inikulin Replicator Allows Remote Code Execution

CVE-2021-33420 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializable function in TypedArray object.

Learn more about our Web Application Penetration Testing UK.