Lucene search
Veracode Vulnerability DatabaseVERACODE:33930HistoryJan 27, 2022 - 10:31 a.m.
Deserialization Of Untrusted Object
2022-01-2710:31:53
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
apache karaf
untrusted data
deserialization vulnerability
activator.java
malicious inputs
EPSS
0.003
Percentile
70.2%
Apache Karaf is vulnerable to deserialization of untrusted data. The vulnerability exists in doStart function of Activator.java because the credentials are not being filtered which allows an attacker to send malicious inputs.
Related
nvd
nvd
CVE-2021-41766
2022-01-26 11:15:08
redhatcve
redhatcve
CVE-2021-41766
2022-01-26 14:41:55
prion
prion
Deserialization of untrusted data
2022-01-26 11:15:00
cvelist
cvelist
CVE-2021-41766 Insecure Java Deserialization in Apache Karaf
2022-01-26 11:10:11
osv
osv
CVE-2021-41766
2022-01-26 11:15:08
Insecure Java Deserialization in Apache Karaf
2022-01-28 22:24:48
cve
cve
CVE-2021-41766
2022-01-26 11:15:08
cnvd
cnvd
Apache Karaf code issue vulnerability (CNVD-2022-14707)
2022-01-27 00:00:00
github
github
Insecure Java Deserialization in Apache Karaf
2022-01-28 22:24:48
redhat
redhat
(RHSA-2022:5532) Important: Red Hat Fuse 7.11.0 release and security update
2022-07-07 14:16:35