Lucene search
NaverCVELIST:CVE-2024-28213HistoryMar 07, 2024 - 4:49 a.m.
CVE-2024-28213
2024-03-0704:49:47
CWE-502
naver
www.cve.org
1
ngrinder
serialization
vulnerability
remote attacker
arbitrary code
deserialization
nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization.
CNA Affected
[
{
"vendor": "NAVER",
"product": "nGrinder",
"versions": [
{
"status": "unaffected",
"version": "3.5.9"
}
],
"defaultStatus": "affected"
}
]References
Related
veracode
veracode
Insecure Deserialization
2024-03-08 05:54:46
osv
osv
nGrinder vulnerable to unsafe Java objects deserialization
2024-03-07 06:30:31
cve
cve
CVE-2024-28213
2024-03-07 05:15:54
github
github
nGrinder vulnerable to unsafe Java objects deserialization
2024-03-07 06:30:31
prion
prion
Deserialization of untrusted data
2024-03-07 05:15:00
vulnrichment
vulnrichment
CVE-2024-28213
2024-03-07 04:49:47
nvd
nvd
CVE-2024-28213
2024-03-07 05:15:54