Lucene search

K
osvGoogleOSV:CVE-2020-24164
HistorySep 11, 2020 - 6:15 a.m.

CVE-2020-24164

2020-09-1106:15:11
Google
osv.dev
5

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.6%

A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java Serializable interface.

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.6%

Related for OSV:CVE-2020-24164