Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-gxg6-rc6c-v673

Опубликовано: 13 мая 2022
Источник: github
Github: Прошло ревью
CVSS3: 8.1

Описание

Improper Input Validation in BeanShell

BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.

Ссылки

Пакеты

Наименование

org.apache-extras.beanshell:bsh

maven
Затронутые версииВерсия исправления

<= 2.0b5

2.0b6

EPSS

Процентиль: 97%
0.38909
Средний

8.1 High

CVSS3

CVE ID

CVE-2016-2510

Дефекты

CWE-20

Связанные уязвимости

ubuntu логотип

CVE-2016-2510

CVSS3: 8.1
ubuntu
почти 10 лет назад

BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.

redhat логотип

CVE-2016-2510

CVSS3: 7.4
redhat
почти 10 лет назад

BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.

nvd логотип

CVE-2016-2510

CVSS3: 8.1
nvd
почти 10 лет назад

BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.

debian логотип

CVE-2016-2510

CVSS3: 8.1
debian
почти 10 лет назад

BeanShell (bsh) before 2.0b6, when included on the classpath by an app ...

suse-cvrf логотип

openSUSE-SU-2016:0788-1

suse-cvrf
почти 10 лет назад

Security update for bsh2

EPSS

Процентиль: 97%
0.38909
Средний

8.1 High

CVSS3

CVE ID

CVE-2016-2510

Дефекты

CWE-20