Frigate unsafe deserialization in `load_config_with_no_duplicates` of `frigate/util/builtin.py`
CVE-2023-45672
What is CVE-2023-45672?
Frigate, an open-source network video recorder, suffers from an unsafe deserialization vulnerability that can lead to unauthenticated remote code execution. This issue exists in the endpoints responsible for saving configurations and can be exploited if an attacker tricks an authenticated user into clicking a malicious link targeted at their Frigate server. The attack leverages the lack of input sanitization in the configuration-loading code, allowing the execution of arbitrary payloads. Frigate versions prior to 0.13.0 Beta 3 are affected, and users are advised to update to the latest version to mitigate this risk.
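
A hardened counterpart to the configuration loading described above, as an added example that is not Frigate's own code. Frigate configurations are YAML, and the sketch assumes PyYAML is installed; `UniqueKeySafeLoader`, `load_config_safely`, `is_accepted` and the sample documents are hypothetical names and constructed inputs.

```python
import yaml  # PyYAML (third-party); assumed to be installed

MERGE_TAG = "tag:yaml.org,2002:merge"


class UniqueKeySafeLoader(yaml.SafeLoader):
    """SafeLoader (plain data types only) that also rejects duplicate keys."""

    def construct_mapping(self, node, deep=False):
        seen = set()
        for key_node, _ in node.value:
            # Only scalar keys are compared; merge keys ("<<") are skipped.
            if not isinstance(key_node, yaml.ScalarNode) or key_node.tag == MERGE_TAG:
                continue
            key = self.construct_object(key_node, deep=True)
            if key in seen:
                raise ValueError(f"duplicate key in config: {key!r}")
            seen.add(key)
        return super().construct_mapping(node, deep=deep)


def load_config_safely(raw_config: str) -> dict:
    """Parse an untrusted config body without constructing arbitrary objects."""
    try:
        config = yaml.load(raw_config, Loader=UniqueKeySafeLoader)
    except yaml.YAMLError as exc:
        # Language-specific tags have no constructor in SafeLoader and land here.
        raise ValueError(f"rejected config: {exc}") from exc
    if not isinstance(config, dict):
        raise ValueError("config root must be a mapping")
    return config


def is_accepted(raw_config: str) -> bool:
    try:
        load_config_safely(raw_config)
        return True
    except ValueError:
        return False


# Constructed sample inputs, not taken from any real deployment.
GOOD = "mqtt:\n  host: broker.example\ncameras: {}\n"
DUPLICATE = "mqtt:\n  host: a\nmqtt:\n  host: b\n"
PYTHON_TAG = "mqtt: !!python/tuple [1, 2]\n"  # benign Python-specific tag

if __name__ == "__main__":
    for name, doc in [("good", GOOD), ("duplicate", DUPLICATE), ("python tag", PYTHON_TAG)]:
        print(name, "accepted" if is_accepted(doc) else "rejected")
```

The loader choice is the control here: a loader derived from `yaml.SafeLoader` has no constructors for Python-specific tags, so such documents fail to parse instead of instantiating objects.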

Affected Version(s)
frigate < 0.13.0-beta3
