uimaj-tools is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to deserializing Java objects without proper data verification when users or developers utilize the CasIOUtils
class in their applications and services to parse serialized CAS data. This weakness can potentially lead to remote code execution if the objects are untrusted.
CPE | Name | Operator | Version |
---|---|---|---|
uimaj-tools | le | 3.4.1 | |
uimaj-tools | le | 3.4.1 |