Greenshot 1.3.274 Deserialization / Command Execution
Posted on 19 August 2023
There exists a .NET deserialization vulnerability in Greenshot versions 1.3.274 and below. The deserialization allows the execution of commands when a user opens a Greenshot file. The commands execute under the same permissions as the Greenshot service. Typically, it is the logged in user.