CVE-2024-54136
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-54136
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-54136.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-54136
- Aliases
-
- GHSA-vxvf-5cmq-5f78
- Published
- 2024-12-06T15:07:42.039Z
- Modified
- 2025-12-05T07:34:11.855144Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Untrusted Deserialization in ClipBucket-v5 Version 5.5.1 Revision 199 and Below
- Details
-
ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 5.5.1 Revision 199 and below is vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/upload.php where the user supplied input via collection get parameter is directly provided to unserialize function. As a result, it is possible for an adversary to inject maliciously crafted PHP serialized object and utilize gadget chains to cause unexpected behaviors of the application. This vulnerability is fixed in 5.5.1 Revision 200.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-502" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/54xxx/CVE-2024-54136.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/54xxx/CVE-2024-54136.json
- https://github.com/MacWarrior/clipbucket-v5/commit/76a829c088f0813ab3244a3bd0036111017409b0
- https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-vxvf-5cmq-5f78
- https://nvd.nist.gov/vuln/detail/CVE-2024-54136