## https://sploitus.com/exploit?id=SAINT:29ACC8DBEB181C0B0645161422DDD264
Added: 04/13/2023
### Background
[IBM Aspera Faspex](<https://www.ibm.com/docs/en/aspera-faspex/5.0?topic=welcome-faspex>) is a centralized, high-speed transfer solution using the FASP protocol.
### Problem
A YAML deserialization vulnerability allows remote attackers to execute arbitrary commands by sending a POST request for `**relay_package**` with specially crafted JSON content.
### Resolution
[Upgrade](<https://www.ibm.com/support/fixcentral/swg/selectFixes>) to Faspex 4.4.2 PL2 or higher.
### References
<https://www.ibm.com/support/pages/node/6952319>
### Limitations
Exploit works on Linux targets.
### Platforms
Linux