[MAVEN:GHSA-8M35-R25C-QR56] GraniteDS Insecure Deserialization
Severity: High
Affected Packages: 1
CVEs: 1
In the Java implementation of GraniteDS, version 3.1.1.GA, the AMF3 deserializers derive class instances from java.io.Externalizable rather than from flash.utils.IExternalizable, as the AMF3 specification recommends. A remote attacker with the ability to spoof or control an RMI server connection may be able to send serialized Java objects that execute arbitrary code when deserialized.
Package | Affected Version |
---|---|
pkg:maven/org.graniteds/granite-core | <= 3.1.1.GA |
- ID: MAVEN:GHSA-8M35-R25C-QR56
- Severity: high
- URL: https://github.com/advisories/GHSA-8m35-r25c-qr56
- Published: 2022-05-13T01:28:41 (2 years ago)
- Modified: 2023-10-06T21:21:35 (11 months ago)
- Rights: Maven Security Team
- Other Advisories
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.graniteds/granite-core | org.graniteds | granite-core | <= 3.1.1.GA | | | |