CVE-2023-27372
CRITICAL 9.8
EPSS 93.1%
spip - security update
Published: 2/28/2023
Modified: 5/29/2026
Description
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
Affected packages (2)
- Debian/spip from 0, < 3.2.11-3+deb11u7
- Debian/spip from 0, < 3.2.11-3+deb11u7
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |