Pippo is vulnerable to remote code execution attacks. A remote, unauthenticated attacker could create a malicious object, base64-encode it, and place it in the PIPPO_SESSION field of a cookie to exploit the flawed Cookie Handler component, causing denial of service conditions. The function affected by this issue is SerializationSessionDataTranscoder.decode().
| CPE | Name | Operator | Version |
|---|---|---|---|
| | pippo session | le | 1.11.0 |
| | pippo session | le | 1.11.0 |
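
One way to constrain the kind of decode step described above is to check every class named in the serialized stream against an allowlist before it is loaded. This is an added example, not Pippo's code or its fix; the class names, the allowlist contents, the size cap and the sample values are assumptions.

```java
import java.io.*;
import java.util.*;

// Added example, not Pippo source. Names, allowlist and size cap are assumptions.
public final class AllowlistSessionDecoder {
    private static final int MAX_COOKIE_CHARS = 4096;
    // Only these types may appear in a decoded session payload.
    private static final Set<String> ALLOWED = Set.of("java.util.HashMap",
            "java.lang.String", "java.lang.Integer", "java.lang.Long", "java.lang.Number");
    // Look-ahead stream: each class name is checked before the class is loaded.
    private static final class AllowlistStream extends ObjectInputStream {
        AllowlistStream(InputStream in) throws IOException { super(in); }
        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            if (!ALLOWED.contains(desc.getName())) {
                throw new InvalidClassException(desc.getName(), "type not allowed in session data");
            }
            return super.resolveClass(desc);
        }
    }

    // Throws on oversized, malformed or non-allowlisted input instead of instantiating it.
    public static Object decode(String cookieValue) throws IOException, ClassNotFoundException {
        if (cookieValue == null || cookieValue.length() > MAX_COOKIE_CHARS) {
            throw new IOException("session cookie missing or too large");
        }
        byte[] raw = Base64.getDecoder().decode(cookieValue); // IllegalArgumentException if not base64
        try (ObjectInputStream in = new AllowlistStream(new ByteArrayInputStream(raw))) {
            return in.readObject();
        }
    }

    // Constructed sample input: serialize a value the way a session cookie would carry it.
    private static String encode(Serializable value) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(value); }
        return Base64.getEncoder().encodeToString(buf.toByteArray());
    }

    public static void main(String[] args) throws Exception {
        System.out.println(decode(encode(new HashMap<String, Integer>(Map.of("visits", 3)))));
        try {
            decode(encode(new ArrayList<String>(List.of("x")))); // ArrayList is not allowlisted
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

An allowlist of this kind limits which classes can be instantiated from the cookie; it does not authenticate the cookie, so integrity protection of the session value is a separate control.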