CVE-2021-26295 RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI

Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz...

CVE-2019-0189

The CVE-2019-0189 issue affects Apache OFBiz via two dependencies (commons-beanutils and an outdated commons-fileupload). It uses Java deserialization in the HttpEngine: the request parameter serviceContext is passed to XmlSerializer.deserialize, enabling remote code execution through java.io.Obj...