{"id":"CVE-2018-1000824","details":"MegaMek version \u003c v0.45.1 contains a Other/Unknown vulnerability in Object Stream Connection that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.","modified":"2026-04-11T23:33:52.969550Z","published":"2018-12-20T15:29:00.970Z","references":[{"type":"ADVISORY","url":"https://0dd.zone/2018/10/28/megamek-Object-Injection/"},{"type":"REPORT","url":"https://github.com/MegaMek/megamek/issues/1162"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/megamek/megamek","events":[{"introduced":"0"},{"fixed":"edff3bfb5f65f50dda3c1f59aab0453f46f64cee"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.45.1"}]}}],"versions":["0.41.25","0.45.0","v0.41.14","v0.41.15","v0.41.17","v0.41.19","v0.41.20","v0.41.21","v0.41.22","v0.41.23","v0.41.24","v0.41.26","v0.41.27","v0.41.28","v0.42.0","v0.43.0","v0.43.1","v0.43.10","v0.43.11","v0.43.2","v0.43.3","v0.43.4","v0.43.5","v0.43.6","v0.43.7-RC1","v0.43.8","v0.43.9","v0.44.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000824.json","vanir_signatures_modified":"2026-04-11T23:33:52Z","vanir_signatures":[{"signature_type":"Line","deprecated":false,"digest":{"line_hashes":["63215383161821587048219324054287523861","245976165063902565407266002518803907079","76290510814507453856507580212220918992","318065962559192181273929598143927617311"],"threshold":0.9},"target":{"file":"megamek/src/megamek/MegaMek.java"},"id":"CVE-2018-1000824-24ebe458","source":"https://github.com/megamek/megamek/commit/edff3bfb5f65f50dda3c1f59aab0453f46f64cee","signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}