CRITICAL: CVE-2018-25332 (CVSS 9.8) — multiple products
Source: Lyrie.Ai
Published:
<p>GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR plu