Beware of Deserialization Vulnerability in Rajnish Arora Recently Viewed Products

CVE: CVE-2023-34027
CVSS (v3.1): 8.3
Source: CVE-2023-34027

The Rajnish Arora Recently Viewed Products tool has been found to contain a deserialization of untrusted data vulnerability with a CVSS score of 8.3. This vulnerability allows remote code execution on systems where the affected software is used.

Deserialization vulnerabilities occur when an application deserializes untrusted input without proper validation. This can allow an attacker to execute arbitrary code by crafting a specially formed serialized object.

In this case, the Recently Viewed Products tool does not properly sanitize input when deserializing product data. An attacker could provide a malicious serialized object containing executable code that would be run upon deserialization.
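A defensive way to handle this kind of input is shown below as an added example; it is not the plugin's code or its actual fix. It assumes a PHP application that stores the recently viewed list as product IDs in untrusted input such as a cookie, and every function name and the `MAX_RECENT` cap are hypothetical.

```php
<?php
// Added example: hypothetical decoder for a "recently viewed" list taken from
// untrusted input. Function names and MAX_RECENT are illustrative assumptions.

const MAX_RECENT = 20; // assumed cap on how many product IDs are kept

/** Keep only positive integer IDs; anything that is not a flat list yields []. */
function validate_ids($decoded): array
{
    if (!is_array($decoded)) {
        return [];
    }
    $ids = [];
    foreach ($decoded as $value) {
        // Objects, nested arrays, non-numeric and over-long strings are dropped.
        $numeric = is_string($value) && ctype_digit($value) && strlen($value) <= 9;
        if (is_int($value) || $numeric) {
            $id = (int) $value;
            if ($id > 0) {
                $ids[$id] = $id; // de-duplicate while preserving order
            }
        }
    }
    return array_slice(array_values($ids), 0, MAX_RECENT);
}

/** Preferred: a data-only format that cannot instantiate classes. */
function decode_recent_json(string $raw): array
{
    return validate_ids(json_decode($raw, true));
}

/** Legacy serialized data: forbid object creation, then validate. */
function decode_recent_legacy(string $raw): array
{
    // allowed_classes => false turns every object into __PHP_Incomplete_Class,
    // so no application class's magic methods (__wakeup, __destruct) can run.
    $decoded = @unserialize($raw, ['allowed_classes' => false]);
    return validate_ids($decoded);
}

// Constructed sample inputs: mixed JSON list, serialized list, serialized object.
var_dump(decode_recent_json('[12, "7", 12, -3, "abc"]'));
var_dump(decode_recent_legacy('a:2:{i:0;i:5;i:1;s:2:"42";}'));
var_dump(decode_recent_legacy('O:8:"stdClass":0:{}'));
```

The serialized object in the last call is rejected because the decoder accepts only a flat list of integers, whatever format the data arrives in.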

This gives the attacker remote code execution abilities on the vulnerable system. They could then install programs, view, change or delete data, or create new accounts with full user rights.

Users of Rajnish Arora Recently Viewed Products should update to version 1.0.1 or later, which fixes this issue. You can contact the developers to check whether your version is vulnerable. It is also recommended to limit network access to this application where possible.

Regularly checking for software updates and patching known vulnerabilities can help prevent exploitation of issues like this deserialization vulnerability. Staying on top of security announcements from developers is important for your online safety.
