CVE-2014-9515

Опубликовано: 05 дек. 2014

Источник: redhat

CVSS3: 9

Описание

Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat JBoss Fuse 6	dozer	Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-470

https://bugzilla.redhat.com/show_bug.cgi?id=1530804dozer: Potential remote code execution (RCE) via dozer's reflection-based type conversion

9 Critical

CVSS3

Связанные уязвимости

CVE-2014-9515

CVSS3: 9.8

nvd

около 8 лет назад

Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object.

GHSA-q79q-94j7-5mgg

CVSS3: 9.8

github

больше 3 лет назад

Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object.

9 Critical

CVSS3