
AVID-2026-R0933

Description

Vulnerability CVE-2022-0573

Details

JFrog Artifactory before 7.36.1 and 6.23.41 is vulnerable to insecure deserialization of untrusted data, which can lead to DoS, privilege escalation and remote code execution when a specially crafted request is sent by a low-privileged authenticated user, due to insufficient validation of a user-provided serialized object.

Reason for inclusion in AVID: CVE-2022-0573 describes insecure deserialization in JFrog Artifactory leading to DoS, privilege escalation, and remote code execution. Artifactory is a widely used artifact/repository manager in CI/CD and AI deployment pipelines, making it a software component in the AI supply chain. The issue affects software components used to build/deploy AI systems, is a security vulnerability, and the report provides clear signals (CVE ID, description, affected versions, CVSS). Therefore it should be kept for AVID curation.

References

Affected or Relevant Artifacts

  • Developer: JFrog
  • Deployer: JFrog
  • Artifact Details:
      Type     Name
      System   JFrog Artifactory

Impact

AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0100: Software Vulnerability
  • Lifecycle stages: L06: Deployment

CVSS

Version: 3.1
Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score: 8.8
Base Severity: 🔴 High
Attack Vector: NETWORK
Attack Complexity: 🟢 Low
Privileges Required: 🟢 Low
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: 🔴 High
Integrity Impact: 🔴 High
Availability Impact: 🔴 High

CWE

ID        Description
CWE-502   Deserialization of Untrusted Data

Other information

  • Report Type: Advisory
  • Credits:
  • Date Reported: 2022-05-16
  • Version: 0.3.3
  • AVID Entry