GHSA-7c3f-cg9x-f3gr

Published: 16 Sep 2025
Source: github
Github: Reviewed
CVSS4: 8.7
CVSS3: 9.8

Description

JasperReports has a Java deserialisation vulnerability

A Java deserialisation vulnerability has been discovered in the Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library.

Packages

Name: net.sf.jasperreports:jasperreports (maven)
Affected versions: <= 7.0.3
Fixed version: None

EPSS

Percentile: 62%
0.00428
Low

CVSS4: 8.7 High
CVSS3: 9.8 Critical

Weaknesses

CWE-502

Related vulnerabilities

CVSS3: 9.8
ubuntu
5 months ago

A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library

CVSS3: 9.8
nvd
5 months ago

A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library

CVSS3: 9.8
debian
5 months ago

A Java deserialisation vulnerability has been discovered in Jaspersoft ...
