Arbitrary Code Execution
GraniteDS is vulnerable to arbitrary code execution. It fails to prevent instantiation of untrusted object via public parameter-less constructor and calling arbitrary Java Beans setter methods. Thereby allowing an attacker to send malicious Java objects with pre-set properties, leading to arbitra...