Pippo Java Deserialization Vulnerability
Pippo is a Java-based Web framework . A security vulnerability exists in Pippo version 1.11.0, which stems from the 'SerializationSessionDataTranscoder.decode' function failing to check the type of a SessionData object before calling the 'ObjectInputStream.readObject' function for deserialization...