CVE-2021-36231
HIGHMIK.starlight <7.9.5.24363 - Code Injection
Title source: llmDescription
Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects.
Scores
CVSS v3
8.8
EPSS
0.0114
EPSS Percentile
78.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-502
Status
published
Affected Products (1)
unit4/mik.starlight
Timeline
Published
Aug 31, 2021
Tracked Since
Feb 18, 2026