Remote Code Execution Vulnerability in Pixar ruby-jss Gem
CVE-2021-33575 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing.
Learn more about our Web Application Penetration Testing UK.