CVE-2022-0573

HIGH

JFrog Artifactory <7.36.1,6.23.41 - Insecure Deserialization

Title source: llm

Description

JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient validation of a user-provided serialized object.

References (2)

[Mitigation, Patch, Vendor Advisory] https://www.jfrog.com/confluence/display/JFROG/CVE-2022-0573%3A+Artifactory+Vulnerable+to+Deserialization+of+Untrusted+Data

[Vendor Advisory] https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories

Scores

CVSS v3 8.8

EPSS 0.0592

EPSS Percentile 90.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (3)

jfrog/artifactory < 6.23.41

jfrog/artifactory

Timeline

Published May 16, 2022

Tracked Since Feb 18, 2026