3 matches found
Pippo Java Deserialization Vulnerability
Pippo is a Java-based Web framework . A security vulnerability exists in Pippo version 1.11.0, which stems from the 'SerializationSessionDataTranscoder.decode' function failing to check the type of a SessionData object before calling the 'ObjectInputStream.readObject' function for deserialization...
Pippo FastjsonEngine Fastjson Arbitrary Code Execution Vulnerability
Pippo is a Java-based Web framework . FastjsonEngine is one of the JSON processing engine . Fastjson is one of the Java-based JSON parser/generator . Pippo 1.11.0 version of FastjsonEngine used by Fastjson 1.2.25 before the version of parseObject has a security vulnerability. A remote attacker ca...
Pippo Remote Code Execution Vulnerability
Pippo is a Java-based Web framework . A remote code execution vulnerability exists in Pippo 1.11.0 and earlier versions, which stems from the XstreamEngine component failing to use the defense mechanisms available to XStream to limit anti-grouping, and can be exploited by a remote attacker to...