Lucene search
GoogleOSV:GHSA-PFWP-8PQ4-G7PVHistoryMar 06, 2019 - 5:36 p.m.
Incomplete List of Disallowed Inputs in SOFA-Hessian
2019-03-0617:36:08
Google
osv.dev
5
EPSS
0.006
Percentile
79.2%
SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget.
Related
cvelist
cvelist
CVE-2019-9212
2019-02-27 17:00:00
veracode
veracode
Remote Code Execution (RCE)
2019-07-01 04:24:50
d0znpp
d0znpp
Spring RCE exploit I canβt explain
2019-07-17 00:22:22
prion
prion
Design/Logic Flaw
2019-02-27 17:29:00
gitlab
gitlab
Deserialization of Untrusted Data
2019-03-06 00:00:00
github
github
Incomplete List of Disallowed Inputs in SOFA-Hessian
2019-03-06 17:36:08
nvd
nvd
CVE-2019-9212
2019-02-27 17:29:00
cve
cve
CVE-2019-9212
2019-02-27 17:29:00