Deserialization of untrusted data

2022-04-2917:15:00

PRIOn knowledge base

www.prio-n.com

8.6 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.2%

JSON

USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization. NOTE: this is not an Oracle Corporation product.

CPENameOperatorVersion
oracle_optimizationeq5.16.2

CPE	Name	Operator	Version
	oracle_optimization	eq	5.16.2

References

github.com/orangecertcc/security-research/security/advisories/GHSA-rj5c-j274-vw7g