CVE-2024-28212

CRITICAL

Naver Ngrinder < 3.5.9 - Insecure Deserialization

Title source: rule

Description

nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization.

References (1)

Scores

CVSS v3 9.8
EPSS 0.0704
EPSS Percentile 91.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-502
Status published

Affected Products (1)

naver/ngrinder < 3.5.9

Timeline

Published Mar 07, 2024
Tracked Since Feb 18, 2026