Source: gitlab
https://gitlab.com/gitlab-org/security-products/gemnasium-db
ID: GITLAB-2BF0D9CF472D9000E0209C9052B38219
Mar 06, 2019 - 12:00 a.m.

Deserialization of Untrusted Data

2019-03-06 00:00:00
8

EPSS: 0.006

Percentile: 79.2%

DISPUTED SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because denylisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget. NOTE: The vendor doesn’t consider this issue a vulnerability because the denylist is being misused. SOFA Hessian supports custom denylist and a disclaimer was posted encouraging users to update the denylist or to use the allowlist feature for their specific needs since the denylist is not being actively updated.
