CVE-2022-0573
HIGHJFrog Artifactory <7.36.1,6.23.41 - Insecure Deserialization
Title source: llmDescription
JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient validation of a user-provided serialized object.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories
Mitigation, Patch, Vendor Advisory x_refsource_misc
https://www.jfrog.com/confluence/display/JFROG/CVE-2022-0573%3A+Artifactory+Vulnerable+to+Deserialization+of+Untrusted+Data
Scores
CVSS v3
8.8
EPSS
0.0190
EPSS Percentile
77.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-502
Status
published
Products (3)
jfrog/artifactory
7.35.0
jfrog/artifactory
7.36.0
jfrog/artifactory
6.0.0 - 6.23.41
Published
May 16, 2022
Tracked Since
Feb 18, 2026