2 matches found
EUVD-2026-42030
A bug in BaseSerialization.deserialize allowed unrestricted importstring of attacker-controlled class paths when the Scheduler / API Server loaded a serialized DAG: a DAG author could embed a malicious trigger into a DAG to gain remote code execution on the API Server / Scheduler process, crossin...
Deserialization Of Untrusted Object
jodd-json is vulnerable to deserialization of untrusted object. The vulnerability exists when the setClassMetadataName method was introduced, which fails to properly restrict certain types of classes during deserialization...