Deserialization of Untrusted Data vulnerability in Apache Storm.
Versions Affected:
before 2.8.6.
Description:
When processing topology credentials submitted via the Nimbus Thrift API, Storm deseri
Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component.
The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository usin
Deserialization of Untrusted Data vulnerability in Apache ActiveMQ NMS OpenWire Client.
This issue affects Apache ActiveMQ NMS OpenWire Client before 2.1.1 when performing connections to untrusted se
Deserialization of Untrusted Data vulnerability in artbees JupiterX Core jupiterx-core allows Object Injection.This issue affects JupiterX Core: from n/a through <= 4.10.1.
Deserialization of Untrusted Data vulnerability in themeton PIMP - Creative MultiPurpose allows Object Injection. This issue affects PIMP - Creative MultiPurpose: from n/a through 1.7.
The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains an insecure deserialization vulnerability (CWE-502) in its Kubeflow component's model loading functionality. When loading model weights fr
There is a deserialization of untrusted data vulnerability in the Kredis JSON deserialization code
A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client.
This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including 2.3.0, when establishi
Deserialization of Untrusted Data vulnerability in Roland Barker, xnau webdesign Participants Database allows Object Injection.This issue affects Participants Database: from n/a through 2.5.9.2.
Deserialization of Untrusted Data vulnerability in designthemes Pet World petsworld allows Object Injection.This issue affects Pet World: from n/a through <= 2.8.
CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in Apache EventMesh master branch without release version on windows\linux\mac os e.g. platforms allows attackers to
Deserialization of Untrusted Data vulnerability in axiomthemes Cars4Rent cars4rent allows Object Injection.This issue affects Cars4Rent: from n/a through <= 1.4.2.
Deserialization of Untrusted Data vulnerability in ThimPress Course Builder course-builder allows Object Injection.This issue affects Course Builder: from n/a through < 3.6.6.
Deserialization of Untrusted Data vulnerability in AncoraThemes Umberto umberto allows Object Injection.This issue affects Umberto: from n/a through <= 1.2.8.
Deserialization of Untrusted Data vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4.
Deserialization of Untrusted Data vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup.This issue affects WP SuperBackup: from n/a through <= 2.3.3.
Deserialization of untrusted data issue exists in BizRobo! all versions. If this vulnerability is exploited, an arbitrary code is executed on the Management Console.
The vendor provides the workaroun
The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without applying any ObjectInputF
Deserialization of Untrusted Data vulnerability in Apache Seata (incubating).
This issue affects Apache Seata (incubating): from 2.0.0 before 2.2.0.
Severity Justification:
The Apache Seata
A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use
Page 1+ Next →