Remote Code Execution Vulnerability in Pixar ruby-jss Gem

CVE-2021-33575 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing.

Learn more about our Web Application Penetration Testing UK.