29 matches found
Deserialization Of Untrusted Data
Apache Causeway is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe Java deserialization of user-controllable URL parameters in ViewModel handling, which allows an authenticated attacker to execute arbitrary code with application privileges...
Apache Causeway Deserialization Vulnerability
Apache Causeway is the Apache Foundation of a Java rapid application development framework . Apache Causeway suffers from a deserialization vulnerability that originates from unsafe deserialization of user-controllable URL parameters in the receipt of serialized data submitted by the user, which...
CVE-2025-64408
Apache Causeway faces Java deserialization vulnerabilities that allow remote code execution RCE through user-controllable URL parameters. These vulnerabilities affect all applications using Causeway's ViewModel functionality and can be exploited by authenticated attackers to execute arbitrary cod...
EUVD-2025-198152
Apache Causeway vulnerable to deserialization in Java...
dev.savantly.nexus:agents-module (=3.4.0), dev.savantly.nexus:common-types-module (=3.4.0) +152 more potentially affected by CVE-2025-64408 via org.apache.causeway.core:causeway-applib (>=2.0.0-RC1 <=3.4.0)
org.apache.causeway.core:causeway-applib MAVEN version =2.0.0-RC1, =3.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.core:causeway-applib and may be impacted: - dev.savantly.nexus:agents-module =3.4.0 -...
dev.savantly.nexus:agents-module (=3.4.0), dev.savantly.nexus:common-types-module (=3.4.0) +156 more potentially affected by CVE-2025-64408 via org.apache.causeway.commons:causeway-commons (>=2.0.0-RC1 <=3.4.0)
org.apache.causeway.commons:causeway-commons MAVEN version =2.0.0-RC1, =3.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.commons:causeway-commons and may be impacted: - dev.savantly.nexus:agents-module =3.4.0 -...
GHSA-WQ4C-57MH-5F7G Apache Causeway vulnerable to deserialization in Java
Apache Causeway faces Java deserialization vulnerabilities that allow remote code execution RCE through user-controllable URL parameters. These vulnerabilities affect all applications using Causeway's ViewModel functionality and can be exploited by authenticated attackers to execute arbitrary cod...
Apache Causeway vulnerable to deserialization in Java
Apache Causeway faces Java deserialization vulnerabilities that allow remote code execution RCE through user-controllable URL parameters. These vulnerabilities affect all applications using Causeway's ViewModel functionality and can be exploited by authenticated attackers to execute arbitrary cod...
CVE-2025-64408
Apache Causeway faces Java deserialization vulnerabilities that allow remote code execution RCE through user-controllable URL parameters. These vulnerabilities affect all applications using Causeway's ViewModel functionality and can be exploited by authenticated attackers to execute arbitrary cod...
org.apache.causeway.core:causeway-applib (=4.0.0-M1), org.apache.causeway.core:causeway-core-codegen-bytebuddy (=4.0.0-M1) +107 more potentially affected by CVE-2025-64408 via org.apache.causeway.commons:causeway-commons (=4.0.0-M1)
org.apache.causeway.commons:causeway-commons MAVEN version =4.0.0-M1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.commons:causeway-commons and may be impacted: - org.apache.causeway.core:causeway-applib =4.0.0-M1 -...
dev.savantly.nexus:agents-module (=3.4.0), dev.savantly.nexus:flow-module (=3.4.0) +135 more potentially affected by CVE-2025-64408 via org.apache.causeway.core:causeway-core-config (>=2.0.0-RC1 <=3.4.0)
org.apache.causeway.core:causeway-core-config MAVEN version =2.0.0-RC1, =3.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.core:causeway-core-config and may be impacted: - dev.savantly.nexus:agents-module =3.4.0 -...
org.apache.causeway.extensions:causeway-extensions-audittrail-applib (=4.0.0-M1), org.apache.causeway.extensions:causeway-extensions-audittrail-persistence-jpa (=4.0.0-M1) +18 more potentially affected by CVE-2025-64408 via org.apache.causeway.core:causeway-core-runtimeservices (=4.0.0-M1)
org.apache.causeway.core:causeway-core-runtimeservices MAVEN version =4.0.0-M1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.core:causeway-core-runtimeservices and may be impacted: -...
dev.savantly.nexus:agents-module (=3.4.0), dev.savantly.nexus:flow-module (=3.4.0) +43 more potentially affected by CVE-2025-64408 via org.apache.causeway.core:causeway-core-runtimeservices (>=2.0.0-RC1 <=3.4.0)
org.apache.causeway.core:causeway-core-runtimeservices MAVEN version =2.0.0-RC1, =3.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.core:causeway-core-runtimeservices and may be impacted: - dev.savantly.nexus:agents-module =3.4....
org.apache.causeway.mavendeps:causeway-mavendeps-webapp (=4.0.0-M1) potentially affected by CVE-2025-64408 via org.apache.causeway.viewer:causeway-viewer-wicket-viewer (=4.0.0-M1)
org.apache.causeway.viewer:causeway-viewer-wicket-viewer MAVEN version =4.0.0-M1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.viewer:causeway-viewer-wicket-viewer and may be impacted: -...
dev.savantly.nexus:nexus-command-webapp (=3.4.0), org.apache.causeway.mavendeps:causeway-mavendeps-webapp (>=2.0.0 <=3.4.0) potentially affected by CVE-2025-64408 via org.apache.causeway.viewer:causeway-viewer-wicket-viewer (>=2.0.0-RC1 <=3.4.0)
org.apache.causeway.viewer:causeway-viewer-wicket-viewer MAVEN version =2.0.0-RC1, =2.0.0, =3.4.0 Source cves: CVE-2025-64408 Source advisory: SNYK:JAVA-ORGAPACHECAUSEWAYVIEWER-14052594...
org.apache.causeway.core:causeway-core-interaction (=4.0.0-M1), org.apache.causeway.core:causeway-core-metamodel (=4.0.0-M1) +93 more potentially affected by CVE-2025-64408 via org.apache.causeway.core:causeway-core-config (=4.0.0-M1)
org.apache.causeway.core:causeway-core-config MAVEN version =4.0.0-M1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.core:causeway-core-config and may be impacted: - org.apache.causeway.core:causeway-core-interaction =4.0.0-M1 -...
org.apache.causeway.core:causeway-core-interaction (=4.0.0-M1), org.apache.causeway.core:causeway-core-runtime (=4.0.0-M1) +87 more potentially affected by CVE-2025-64408 via org.apache.causeway.core:causeway-core-metamodel (=4.0.0-M1)
org.apache.causeway.core:causeway-core-metamodel MAVEN version =4.0.0-M1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.core:causeway-core-metamodel and may be impacted: - org.apache.causeway.core:causeway-core-interaction =4.0.0-M...
dev.savantly.nexus:agents-module (=3.4.0), dev.savantly.nexus:flow-module (=3.4.0) +129 more potentially affected by CVE-2025-64408 via org.apache.causeway.core:causeway-core-metamodel (>=2.0.0-RC1 <=3.4.0)
org.apache.causeway.core:causeway-core-metamodel MAVEN version =2.0.0-RC1, =3.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.core:causeway-core-metamodel and may be impacted: - dev.savantly.nexus:agents-module =3.4.0 -...
dev.savantly.nexus:agents-module (=3.4.0), dev.savantly.nexus:common-types-module (=3.4.0) +152 more potentially affected by CVE-2025-64408 via org.apache.causeway.core:causeway-applib (>=2.0.0-RC1 <=3.4.0)
org.apache.causeway.core:causeway-applib MAVEN version =2.0.0-RC1, =3.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.core:causeway-applib and may be impacted: - dev.savantly.nexus:agents-module =3.4.0 -...
dev.savantly.nexus:agents-module (=3.4.0), dev.savantly.nexus:common-types-module (=3.4.0) +156 more potentially affected by CVE-2025-64408 via org.apache.causeway.commons:causeway-commons (>=2.0.0-RC1 <=3.4.0)
org.apache.causeway.commons:causeway-commons MAVEN version =2.0.0-RC1, =3.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.commons:causeway-commons and may be impacted: - dev.savantly.nexus:agents-module =3.4.0 -...