
nGrinder vulnerable to unsafe Java objects deserialization

High severity GitHub Reviewed Published Mar 7, 2024 to the GitHub Advisory Database • Updated Mar 7, 2024

Package

org.ngrinder:ngrinder-core (Maven)

Affected versions

< 3.5.9

Patched versions

3.5.9

Description

nGrinder before 3.5.9 accepts serialized Java objects from unauthenticated users, which could allow a remote attacker to execute arbitrary code via unsafe deserialization of Java objects.

References

Published by the National Vulnerability Database Mar 7, 2024
Published to the GitHub Advisory Database Mar 7, 2024
Reviewed Mar 7, 2024
Last updated Mar 7, 2024

Severity

High

Weaknesses

CVE ID

CVE-2024-28213

GHSA ID

GHSA-j7jm-8gf5-frcm

Source code
