2 matches found
Deserialization Of Untrusted Data
org.apache.openmeetings,openmeetings-parent is vulnerable to Deserialization of untrusted data. The vulnerability is due to the lack of proper configuration for the openjpa.serialization.class.blacklist and openjpa.serialization.class.whitelist settings in the clustering instructions, allowing an...
GHSA-MJF9-4PCV-VFG7 Apache OpenMeetings vulnerable to Deserialization of Untrusted Data
Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html doesn't specify white/black lists for OpenJPA this leads to possible deserialisation of untrusted...