CVE-2024-28213 – org.ngrinder:ngrinder-core
Package
Manager: maven
Name: org.ngrinder:ngrinder-core
Vulnerable Version: >=0 <3.5.9
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.07048 (percentile: 0.91132)
Details
nGrinder vulnerable to unsafe Java object deserialization
nGrinder before 3.5.9 accepts serialized Java objects from unauthenticated users, which could allow a remote attacker to execute arbitrary code via unsafe Java object deserialization.
Metadata
Created: 2024-03-07T06:30:31Z
Modified: 2024-08-22T21:34:48Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-j7jm-8gf5-frcm/GHSA-j7jm-8gf5-frcm.json
CWE IDs: ["CWE-502"]
Alternative ID: GHSA-j7jm-8gf5-frcm
Finding: F096
Auto approve: 1