CVE-2024-12138
MEDIUMHorilla < 1.2.1 - Insecure Deserialization
Title source: ruleDescription
A vulnerability classified as critical was found in horilla up to 1.2.1. This vulnerability affects the function request_new/get_employee_shift/create_reimbursement/key_result_current_value_update/create_meetings/create_skills. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References (4)
Scores
CVSS v3
6.3
EPSS
0.0012
EPSS Percentile
31.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Classification
CWE
CWE-502
CWE-20
Status
published
Affected Products (1)
horilla/horilla
< 1.2.1
Timeline
Published
Dec 04, 2024
Tracked Since
Feb 18, 2026