exploitDog

CVE-2023-31890

Published: 16 May 2023
Source: redhat
CVSS3: 7.5

Description

An XML Deserialization vulnerability in glazedlists v1.11.0 allows an attacker to execute arbitrary code via the BeanXMLByteCoder.decode() parameter.

A flaw was found in glazedlists, which permits code execution when deserializing code via the BeanXMLByteDecoder's decode method. This flaw allows an attacker to execute code on the vulnerable system.

Report

Red Hat Process Automation Manager, Red Hat Decision Manager, and Red Hat Build of Optaplanner have build dependencies on the affected component, but none of them ship the vulnerable code, and as such, they are not affected by this flaw.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat build of OptaPlanner 8 | drools | Not affected | | |
| Red Hat Decision Manager 7 | drools | Not affected | | |
| Red Hat Process Automation 7 | drools | Not affected | | |

Additional information

Status: Important

https://bugzilla.redhat.com/show_bug.cgi?id=2212999 glazedlists: XML Deserialization permits code execution via BeanXMLByteCoder parameter

7.5 High

CVSS3

Related vulnerabilities

CVSS3: 9.8
nvd
more than 2 years ago

An XML Deserialization vulnerability in glazedlists v1.11.0 allows an attacker to execute arbitrary code via the BeanXMLByteCoder.decode() parameter.

CVSS3: 9.8
github
more than 2 years ago

glazedlists XML Deserialization vulnerability