{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "6.0.0" }, { "fixed": "6.23.41" } ] }, { "events": [ { "introduced": "7.0.0" }, { "fixed": "7.17.16" } ] }, { "events": [ { "introduced": "7.18.0" }, { "fixed": "7.18.12" } ] }, { "events": [ { "introduced": "7.19.0" }, { "fixed": "7.19.13" } ] }, { "events": [ { "introduced": "7.21.0" }, { "fixed": "7.21.25" } ] }, { "events": [ { "introduced": "7.25.0" }, { "fixed": "7.25.9" } ] }, { "events": [ { "introduced": "7.27.0" }, { "fixed": "7.27.15" } ] }, { "events": [ { "introduced": "7.29.0" }, { "fixed": "7.29.10" } ] }, { "events": [ { "introduced": "7.31.0" }, { "fixed": "7.31.16" } ] }, { "events": [ { "introduced": "7.33.0" }, { "fixed": "7.33.12" } ] }, { "events": [ { "introduced": "7.34.0" }, { "fixed": "7.34.4" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.35.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.36.0" } ] }, { "events": [ { "introduced": "0" }, { "fixed": "7.36.1" } ] } ] } } ], "details": "JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient validation of a user-provided serialized object.", "id": "CVE-2022-0573", "modified": "2026-03-13T21:49:14.969056060Z", "published": "2022-05-16T15:15:08.497Z", "references": [ { "type": "ADVISORY", "url": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories" }, { "type": "FIX", "url": "https://www.jfrog.com/confluence/display/JFROG/CVE-2022-0573%3A+Artifactory+Vulnerable+to+Deserialization+of+Untrusted+Data" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }