HIGH 8.8
CVE-2023-44440
Ashlar-Vellum Lithium Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Lithium. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process.
. Was ZDI-CAN-21680.
CVSS v3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.9%
percentile 75.9%
Affected tracked apps
Vulnerable CPE configurations
| Vendor | Product | Platform | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| ashlar | lithium | iOS | — | cpe:2.3:a:ashlar:lithium:12.0.1204.68:*:*:*:*:*:*:* |