CVE-2019-10069

CRITICAL

Godot <3.1 - Code Injection

Title source: llm

Description

In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly.

References (2)

Scores

CVSS v3 9.8
EPSS 0.0660
EPSS Percentile 91.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-502
Status published

Affected Products (1)

godotengine/godot < 2.1

Timeline

Published May 31, 2019
Tracked Since Feb 18, 2026