22 matches found
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the improper use of a reflection-based approach to type conversion. An attacker can execute arbitrary code via a crafted serialized object. Details Serialization is a process of converting an...
cn.123tool.chen:commons (=1.0.0), cn.acooly:acooly-auth-google-authenticator (=5.2.1) +681 more potentially affected by CVE-2014-9515 via net.sf.dozer:dozer (>=4.0 <=5.5.1)
net.sf.dozer:dozer MAVEN version =4.0, =1.0.0, =2.1.0 and more Source cves: CVE-2014-9515 Source advisory: SNYK:JAVA-NETSFDOZER-15338467...