High severity8.1NVD Advisory· Published Jun 11, 2018· Updated Jun 17, 2026
CVE-2017-3199
CVE-2017-3199
Description
The Java implementation of GraniteDS, version 3.1.1.GA, AMF3 deserializers derives class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may be able to send serialized Java objects that execute arbitrary code when deserialized.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.graniteds:granite-coreMaven | <= 3.1.1.GA | — |
Affected products
2- GraniteDS/Frameworkv5Range: 3.1.1.GA
Patches
Vulnerability mechanics
References
7- codewhitesec.blogspot.com/2017/04/amf.htmlnvdExploitThird Party AdvisoryWEB
- www.securityfocus.com/bid/97382nvdThird Party AdvisoryVDB Entry
- www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-executionnvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-8m35-r25c-qr56ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-3199ghsaADVISORY
- www.kb.cert.org/vuls/id/307983nvdThird Party AdvisoryUS Government ResourceWEB
- web.archive.org/web/20210124021547/http://www.securityfocus.com/bid/97382ghsaWEB
News mentions
0No linked articles in our index yet.