A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java Serializable interface.
CPE Name | Operator | Version
---|---|---
nippy | eq | 2.15.0-alpha3
nippy | eq | 2.15.0-alpha4
nippy | eq | 2.7.0
nippy | eq | 2.6.3
nippy | eq | 2.15.0-alpha9
nippy | eq | 2.5.0-beta1
nippy | eq | 2.0.0-alpha8
nippy | eq | 1.3.0-alpha3
nippy | eq | 2.0.0-alpha10
nippy | eq | 0.10.1