Lucene search
GoogleOSV:CVE-2020-24164HistorySep 11, 2020 - 6:15 a.m.
CVE-2020-24164
2020-09-1106:15:11
Google
osv.dev
5
A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java Serializable interface.
| CPE | Name | Operator | Version |
|---|---|---|---|
| nippy | eq | 2.15.0-alpha3 | |
| nippy | eq | 2.15.0-alpha4 | |
| nippy | eq | 2.7.0 | |
| nippy | eq | 2.6.3 | |
| nippy | eq | 2.15.0-alpha9 | |
| nippy | eq | 2.5.0-beta1 | |
| nippy | eq | 2.0.0-alpha8 | |
| nippy | eq | 1.3.0-alpha3 | |
| nippy | eq | 2.0.0-alpha10 | |
| nippy | eq | 0.10.1 |
References
Related
nvd
nvd
CVE-2020-24164
2020-09-11 06:15:11
prion
prion
Deserialization of untrusted data
2020-09-11 06:15:00
osv
osv
Gadget chain attack in Nippy
2022-02-10 20:55:10
cvelist
cvelist
CVE-2020-24164
2020-09-11 05:49:06
cve
cve
CVE-2020-24164
2020-09-11 06:15:11
github
github
Gadget chain attack in Nippy
2022-02-10 20:55:10