Lucene search
Redhat.comRH:CVE-2023-31890HistoryJun 06, 2023 - 8:25 p.m.
CVE-2023-31890
2023-06-0620:25:35
redhat.com
access.redhat.com
93
glazedlists
code execution
deserialization
beanxmlbytedecoder
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
48.0%
A flaw was found in glazedlists, which permits code execution when deserializing code via the BeanXMLByteDecoder’s decode method. This flaw allows an attacker to execute code on the vulnerable system.
Related
cve
cve
CVE-2023-31890
2023-05-16 16:15:10
nvd
nvd
CVE-2023-31890
2023-05-16 16:15:10
veracode
veracode
Arbitrary Code Execution
2023-05-18 01:40:16
github
github
glazedlists XML Deserialization vulnerability
2023-05-16 18:30:15
prion
prion
Deserialization of untrusted data
2023-05-16 16:15:00
osv
osv
CVE-2023-31890
2023-05-16 16:15:10
glazedlists XML Deserialization vulnerability
2023-05-16 18:30:15
cvelist
cvelist
CVE-2023-31890
2023-05-16 00:00:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
48.0%
Related for RH:CVE-2023-31890