13 matches found
EUVD-2021-2180
Malware in sbrugna...
CVE-2021-41616
Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. The BinaryObjectsHelper class was insecure and used...
K14234227: Apache DB DdlUtils vulnerability CVE-2021-41616
Security Advisory Description: Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. The BinaryObjectsHelper class was insecure an...
Apache DB DdlUtils code issue vulnerability
Apache DB DdlUtils is a small, easy-to-use component from the Apache Foundation for working with database definition DDL files. A code issue vulnerability exists in Apache DB DdlUtils 1.0, which stems from an insecure BinaryObjectsHelper class that uses ObjectInputStream.readObject when failing to...
com.alibaba.otter:canal.example (>=1.1.0 <=1.1.4), com.alibaba.otter:manager.biz (>=4.2.1 <=4.2.15) +69 more potentially affected by CVE-2021-41616 via org.apache.ddlutils:ddlutils (=1.0)
org.apache.ddlutils:ddlutils MAVEN version =1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.ddlutils:ddlutils and may be impacted: - com.alibaba.otter:canal.example =1.1.0, =4.2.1, =4.2.1, =4.2.1, =4.2.1, =4.2.1, =4.2.1, =4.2.1, =4.2.1,...
GHSA-9378-F4V7-JGM4 Deserialization of Untrusted Data in org.apache.ddlutils:ddlutils
Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. The BinaryObjectsHelper class was insecure and used...
Deserialization of Untrusted Data in org.apache.ddlutils:ddlutils
Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. The BinaryObjectsHelper class was insecure and used...
CVE-2021-41616
Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. The BinaryObjectsHelper class was insecure and used...
CVE-2021-41616
Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. The BinaryObjectsHelper class was insecure and used...
Design/Logic Flaw
Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. The BinaryObjectsHelper class was insecure and used...
CVE-2021-41616 Apache ddlutils 1.0 readobject vulnerability
Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. The BinaryObjectsHelper class was insecure and used...
CVE-2021-41616
CVE-2021-41616 concerns Apache DB DdlUtils 1.0, where the BinaryObjectsHelper deserializes data via ObjectInputStream.readObject without validating input. This insecure deserialization could lead to arbitrary code execution. Multiple sources (NVD, OSV, CNVD) describe the root cause as the untrust...
CVE-2021-41616 Apache ddlutils 1.0 readobject vulnerability
Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. The BinaryObjectsHelper class was insecure and used...