Lucene search
NaverCVE-2024-28213HistoryMar 07, 2024 - 5:15 a.m.
CVE-2024-28213
2024-03-0705:15:54
CWE-502
naver
web.nvd.nist.gov
31
ngrinder
cve-2024-28213
remote code execution
java deserialization
security vulnerability
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.1
Confidence
Low
EPSS
0
Percentile
9.0%
nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization.
CNA Affected
[
{
"vendor": "NAVER",
"product": "nGrinder",
"versions": [
{
"status": "unaffected",
"version": "3.5.9"
}
],
"defaultStatus": "affected"
}
]References
Related
veracode
veracode
Insecure Deserialization
2024-03-08 05:54:46
cvelist
cvelist
CVE-2024-28213
2024-03-07 04:49:47
osv
osv
nGrinder vulnerable to unsafe Java objects deserialization
2024-03-07 06:30:31
github
github
nGrinder vulnerable to unsafe Java objects deserialization
2024-03-07 06:30:31
prion
prion
Deserialization of untrusted data
2024-03-07 05:15:00
nvd
nvd
CVE-2024-28213
2024-03-07 05:15:54
vulnrichment
vulnrichment
CVE-2024-28213
2024-03-07 04:49:47
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.1
Confidence
Low
EPSS
0
Percentile
9.0%
Related for CVE-2024-28213