Lucene search
GoogleOSV:GHSA-P6M6-9J36-VFJXHistoryMay 16, 2023 - 6:30 p.m.
glazedlists XML Deserialization vulnerability
2023-05-1618:30:15
Google
osv.dev
8
vulnerability
xml
deserialization
glazedlists
software
execution
code
parameter
attack
beanxmlbytecoder
.
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
48.0%
An XML Deserialization vulnerability in glazedlists v1.11.0 allows an attacker to execute arbitrary code via the BeanXMLByteCoder.decode() parameter.
Related
cve
cve
CVE-2023-31890
2023-05-16 16:15:10
redhatcve
redhatcve
CVE-2023-31890
2023-06-06 20:25:35
nvd
nvd
CVE-2023-31890
2023-05-16 16:15:10
veracode
veracode
Arbitrary Code Execution
2023-05-18 01:40:16
github
github
glazedlists XML Deserialization vulnerability
2023-05-16 18:30:15
prion
prion
Deserialization of untrusted data
2023-05-16 16:15:00
osv
osv
CVE-2023-31890
2023-05-16 16:15:10
cvelist
cvelist
CVE-2023-31890
2023-05-16 00:00:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
48.0%
Related for OSV:GHSA-P6M6-9J36-VFJX