5 matches found
EUVD-2022-1116
Malicious code in bioql PyPI...
GHSA-P5GM-FGFX-HR7H Gadget chain attack in Nippy
A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java Serializable interface...
CVE-2020-24164
A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java Serializable interface...
Deserialization of untrusted data
A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java Serializable interface...
CVE-2020-24164
Taoensso Nippy versions before 2.14.2 are affected by a deserialization flaw that, under certain conditions, allows arbitrary code execution due to automatic use of the Java Serializable interface during deserialization. The Red Hat advisory and related records corroborate a vulnerability in Nipp...