Cap Collectif Remote Code Execution Vulnerability via Unsecured Unserialization

Vulnerability

A remote code execution vulnerability exists in Cap Collectif's online decision-making platform, specifically in the 'DebateAlternateArgumentsResolver' component. Before commit 812f2a7d271b76deab1175bdaf2be0b8102dd198, the resolver deserialized a client-supplied 'Cursor' value without restricting which classes could be instantiated, so an unauthenticated user could inject arbitrary serialized objects (PHP object injection) and, through their magic methods, execute arbitrary code on the server. The vulnerability is fixed in the commit named above.
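The following is an added illustration, not Cap Collectif's code: a GraphQL-style pagination cursor decoded with unserialize() next to two hardened decoders. The class TempFileCleanup, the base64-of-serialize cursor format and the function names are assumptions chosen to show the failure mode; the page does not describe the real cursor encoding or gadget chain. Requires PHP 8 or later.

```php
<?php
// Added example (not the project's code). Hypothetical application class whose
// destructor runs when the object is garbage-collected: once attacker data
// reaches unserialize(), any autoloadable class with such a method is a gadget.
final class TempFileCleanup
{
    public static array $triggered = [];

    public function __construct(public string $path) {}

    public function __destruct()
    {
        // Stand-in for a dangerous side effect (a real gadget might unlink or eval).
        self::$triggered[] = $this->path;
    }
}

// Vulnerable pattern: the cursor is attacker-controlled, yet it is handed straight
// to unserialize(), so the client chooses which class gets instantiated.
function decodeCursorVulnerable(string $cursor): mixed
{
    return unserialize(base64_decode($cursor));
}

// Hardened: forbid object instantiation, then validate the expected shape.
function decodeCursorSafe(string $cursor): array
{
    $raw = base64_decode($cursor, true);
    if ($raw === false) {
        throw new InvalidArgumentException('Malformed cursor');
    }
    $data = unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($data) || !isset($data['offset']) || !is_int($data['offset']) || $data['offset'] < 0) {
        throw new InvalidArgumentException('Unexpected cursor payload');
    }
    return $data;
}

// Preferred: never expose PHP's serialization format to clients at all.
function encodeCursorJson(int $offset): string
{
    return base64_encode(json_encode(['offset' => $offset], JSON_THROW_ON_ERROR));
}

function decodeCursorJson(string $cursor): int
{
    $raw = base64_decode($cursor, true);
    if ($raw === false) {
        throw new InvalidArgumentException('Malformed cursor');
    }
    $data = json_decode($raw, true, 2, JSON_THROW_ON_ERROR);
    if (!is_array($data) || !isset($data['offset']) || !is_int($data['offset']) || $data['offset'] < 0) {
        throw new InvalidArgumentException('Unexpected cursor payload');
    }
    return $data['offset'];
}

// Constructed payload: a serialized TempFileCleanup where an array was expected.
// Written as a literal so that building the payload does not itself run the destructor.
$malicious = base64_encode('O:15:"TempFileCleanup":1:{s:4:"path";s:16:"/tmp/victim-file";}');

$obj = decodeCursorVulnerable($malicious);
var_dump($obj instanceof TempFileCleanup); // attacker-chosen class was instantiated
unset($obj);
var_dump(TempFileCleanup::$triggered);     // destructor ran with attacker-chosen data

try {
    decodeCursorSafe($malicious);
} catch (InvalidArgumentException $e) {
    // allowed_classes => false yields __PHP_Incomplete_Class, which fails the array check
    echo 'safe decoder rejected: ', $e->getMessage(), PHP_EOL;
}

var_dump(decodeCursorJson(encodeCursorJson(42))); // int(42)
```

The allowed_classes option only stops object instantiation; it does not validate structure, which is why both hardened decoders still check the decoded value against the exact shape the resolver expects before using it.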

Impact

Exploitation allows unauthenticated remote code execution on the server hosting Cap Collectif, and with it access to any data and credentials the application process can reach.

Remediation

Update to a release that includes commit 812f2a7d271b76deab1175bdaf2be0b8102dd198. To confirm that a checkout already contains the fix, run `git merge-base --is-ancestor 812f2a7d271b76deab1175bdaf2be0b8102dd198 HEAD` (exit status 0 means the commit is an ancestor of the deployed revision).

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 6.9
remediation: 0.0
relevance: 0.0
threat: 3.3
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to produce these 8 vulnerability categories, which are then combined into the overall risk score.