High severity · NVD Advisory · Published Sep 11, 2020 · Updated Aug 4, 2024
CVE-2020-24164
Description
A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java Serializable interface.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.taoensso:nippy (Maven) | < 2.14.2 | 2.14.2 |
Affected products
- Taoensso/Nippy (source: description)
References
- github.com/advisories/GHSA-p5gm-fgfx-hr7h (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-24164 (ghsa, ADVISORY)
- github.com/ptaoussanis/nippy/commit/61fb009fdde2994140f2da2e495ba8af3a873eb2 (ghsa, WEB)
- github.com/ptaoussanis/nippy/issues/130 (ghsa, x_refsource_MISC, WEB)