4 matches found

vulnersOsv
added 2022/05/13 1:36 a.m., 3 views

com.actiontestscript:ats-automated-testing (>=1.1.1 <=1.7.8), com.actiontestscript:automated-testing (=1.1.1) +1 more potentially affected by CVE-2017-3202 via com.exadel.flamingo.flex:amf-serializer (=1.5.0)

com.exadel.flamingo.flex:amf-serializer MAVEN version =1.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.exadel.flamingo.flex:amf-serializer and may be impacted: - com.actiontestscript:ats-automated-testing =1.1.1, =1.7.8 -...

CVSS 9.8 | AI score 7.2 | EPSS 0.0821
Exploits: 2
CVE
added 2018/06/11 5:0 p.m., 66 views

CVE-2017-3202

The CVE-2017-3202 entry concerns Flamingo amf-serializer (Exadel) 2.2.0, whose AMF3 deserializers may instantiate arbitrary classes via a public no-argument constructor and then invoke Java Beans setters. Exploitation requires that attacker-controlled or spoofable data reach the serdes path and t...

CVSS 9.8 | AI score 9.5 | EPSS 0.0821
Exploits: 2 | References: 4 | Affected Software: 1
Cvelist
added 2018/06/11 5:0 p.m., 31 views

CVE-2017-3202 The implementation of Action Message Format (AMF3) deserializers in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes due to improper code control

The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability...

AI score 9.6 | EPSS 0.0821
Exploits: 2 | References: 4
seebug.org
added 2017/04/06 12:0 a.m., 61 views

AMF3 Java implementations Improper Control of Dynamically-Managed Code Resources

Details reference: https://codewhitesec.blogspot.kr/2017/04/amf.html Some Java implementations of AMF3 deserializers may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this...

AI score 9.5 | EPSS 0.21274
Exploits: 6