CVE-2019-10069 — Deserialization of Untrusted Data in Godot

Severity

9.8CRITICALNVD

EPSS

6.6%

top 8.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMay 31

Latest updateMay 24

Description

In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

▶NVDgodotengine/godot2.1.1 — 3.1+1

▶Debiangodotengine/godot< 3.2-stable-1+2

GHSA

GHSA-3hmp-mj77-wcxf: In Godot through 3↗2022-05-24

▶

OSV

CVE-2019-10069: In Godot through 3↗2019-05-31

▶

CVEList

CVE-2019-10069: In Godot through 3↗2019-05-31

▶

Debian

CVE-2019-10069: godot - In Godot through 3.1, remote code execution is possible due to the deserializati...↗2019

▶