JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient validation of a user-provided serialized object.
{ "cpes": [ "cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:-:*:*", "cpe:2.3:a:jfrog:artifactory:7.35.0:*:*:*:*:-:*:*", "cpe:2.3:a:jfrog:artifactory:7.36.0:*:*:*:*:-:*:*" ], "severity": "High" }