NutzBoot vulnerable to deserialization

A weakness has been identified in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This affects the function getInputStream of the file nutzcloud/nutzcloud-literpc/src/main/java/org/nutz/boot/starter/literpc/impl/endpoint/http/HttpServletRpcEndpoint.java of the component LiteRpc-Serializer. Executing...

CVE-2025-13805

CVE-2025-13805 affects nutzam NutzBoot up to 2.6.0-SNAPSHOT via the LiteRpc-Serializer’s HttpServletRpcEndpoint.getInputStream, enabling deserialization of untrusted data. Described as remote and high-complexity, with exploit code publicly available. No fixed version is identified; monitoring for...

CVE-2025-13805 nutzam NutzBoot LiteRpc-Serializer HttpServletRpcEndpoint.java getInputStream deserialization

A weakness has been identified in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This affects the function getInputStream of the file nutzcloud/nutzcloud-literpc/src/main/java/org/nutz/boot/starter/literpc/impl/endpoint/http/HttpServletRpcEndpoint.java of the component LiteRpc-Serializer. Executing a...

NutzBoot 代码问题漏洞

NutzBoot is an enterprise microservices framework open-sourced by Nutz. A code issue vulnerability exists in NutzBoot 2.6.0-SNAPSHOT and earlier versions, which stems from a misbehavior of the function getInputStream in the file HttpServletRpcEndpoint.java, which could lead to deserialization...

PT-2025-48409

A weakness has been identified in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This affects the function getInputStream of the file nutzcloud/nutzcloud-literpc/src/main/java/org/nutz/boot/starter/literpc/impl/endpoint/http/HttpServletRpcEndpoint.java of the component LiteRpc-Serializer. Executing...