cc.akkaha:pea-dubbo_2.12 (>=0.1.5 <=0.2.0), cc.akkaha:pea_2.12 (>=0.1.0 <=0.2.0) +43 more potentially affected by CVE-2018-21234 via org.jodd:jodd-json (>=3.6.6 <=5.0.3)

org.jodd:jodd-json MAVEN version =3.6.6, =0.1.5, =0.1.0, =0.4.0, =1.0.3, =1.0.3, =1.0.3, =1.0.3, =1.0.3, =1.0.3, =1.0.3, =1.0.3, =1.2.1 and more Source cves: CVE-2018-21234 Source advisory: OSV:GHSA-JRG3-QQ99-35G7...

Deserialization Of Untrusted Object

jodd-json is vulnerable to deserialization of untrusted object. The vulnerability exists when the setClassMetadataName method was introduced, which fails to properly restrict certain types of classes during deserialization...

Remote Code Execution Via JSON Deserialization

jodd-json is vulnerable to remote code execution via JSON deserialization. The JSON parser supports polymorphic deserialization when setClassMetadataName is set, which allows an attacker to execute arbitrary code using a crafted JSON request...