CVE-2021-31819

CRITICAL

Halibut < 4.4.7 - Remote Code Execution via Deserialization

Title source: llm
STIX 2.1

Description

In Halibut versions prior to 4.4.7 there is a deserialisation vulnerability that could allow remote code execution on systems that already trust each other based on certificate verification.

References (1)

Core 1

Scores

CVSS v3 9.8
EPSS 0.0186
EPSS Percentile 83.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-502
Status published
Products (2)
nuget/Halibut 0 - 4.4.7NuGet
octopus/halibut < 4.4.7
Published Sep 22, 2021
Tracked Since Feb 18, 2026