
exploitDog

bind:CVE-2018-18628

Count: 2

NVD

CVE-2018-18628

more than 7 years ago

An issue was discovered in Pippo 1.11.0. The function SerializationSessionDataTranscoder.decode() calls ObjectInputStream.readObject() to deserialize a SessionData object without checking the object types. An attacker can create a malicious object, base64 encode it, and place it in the PIPPO_SESSION field of a cookie. Sending this cookie may lead to remote code execution.

CVSS3: 9.8
EPSS: Low

GitHub

GHSA-7fm6-2qw4-g3x3

more than 7 years ago

Deserialization of Untrusted Data in Pippo

CVSS3: 9.8
EPSS: Low

| Vulnerability | CVSS | EPSS | Published |
| --- | --- | --- | --- |
| NVD: CVE-2018-18628. An issue was discovered in Pippo 1.11.0. The function SerializationSessionDataTranscoder.decode() calls ObjectInputStream.readObject() to deserialize a SessionData object without checking the object types. An attacker can create a malicious object, base64 encode it, and place it in the PIPPO_SESSION field of a cookie. Sending this cookie may lead to remote code execution. | CVSS3: 9.8 | 4% (Low) | more than 7 years ago |
| GitHub: GHSA-7fm6-2qw4-g3x3. Deserialization of Untrusted Data in Pippo | CVSS3: 9.8 | 4% (Low) | more than 7 years ago |
