VYPR

CWE-502

Deserialization of Untrusted Data

Base | Draft | Likelihood: Medium

Description

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-586

CVEs mapped to this weakness (1,721)

page 37 of 87
  • CVE-2023-39106 | High | Aug 21, 2023
    risk 0.57 | cvss 8.8 | epss 0.01

    An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor() component.

  • CVE-2023-36480 | Critical | Aug 4, 2023
    risk 0.57 | cvss 9.8 | epss 0.02

    The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 some of the messages received from the server contain Java objects that the client deserializes when it…

  • CVE-2023-38647 | Critical | Jul 26, 2023
    risk 0.57 | cvss 9.8 | epss 0.02

    An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. This unbounded deserialization can likely lead to remote code…

  • CVE-2023-28754 | High | Jul 19, 2023
    risk 0.57 | cvss 8.8 | epss 0.01

    Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file…

  • CVE-2020-36718 | Critical | Jun 7, 2023
    risk 0.57 | cvss 9.8 | epss 0.02

    The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njt_gdpr_allow_permissions" value. This allows unauthenticated attackers to inject a PHP Object.

  • CVE-2023-2500 | High | May 25, 2023
    risk 0.57 | cvss 8.8 | epss 0.01

    The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.3.19 via deserialization of untrusted input from the 'go_pricing' shortcode 'data' parameter. This allows authenticated attackers,…

  • CVE-2023-29215 | Critical | Apr 10, 2023
    risk 0.57 | cvss 9.8 | epss 0.02

    In Apache Linkis <=1.3.1, due to the lack of effective filtering of parameters, an attacker configuring malicious MySQL JDBC parameters in JDBC EngineConn Module will trigger a deserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters…

  • CVE-2023-28115 | Critical | Mar 17, 2023
    risk 0.57 | cvss 9.8 | epss 0.03

    Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.4.2, Snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the `file_exists()` function. If an attacker…

  • CVE-2023-24997 | Critical | Feb 1, 2023
    risk 0.57 | cvss 9.8 | epss 0.01

    Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7223…

  • CVE-2022-44645 | High | Jan 31, 2023
    risk 0.57 | cvss 8.8 | epss 0.02

    In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters.…

  • CVE-2021-33420 | Critical | Dec 15, 2022
    risk 0.57 | cvss 9.8 | epss 0.02

    A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializable function in TypedArray object.

  • CVE-2022-32224 | Critical | Dec 5, 2022
    risk 0.57 | cvss 9.8 | epss 0.02

    A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an…

  • CVE-2022-3861 | High | Nov 21, 2022
    risk 0.57 | cvss 8.8 | epss 0.02

    The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfn_builder_import,…

  • CVE-2022-45047 | Critical | Nov 16, 2022
    risk 0.57 | cvss 9.8 | epss 0.04

    Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for…

  • CVE-2022-42468 | Critical | Oct 26, 2022
    risk 0.57 | cvss 9.8 | epss 0.03

    Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol.

  • CVE-2022-39944 | High | Oct 26, 2022
    risk 0.57 | cvss 8.8 | epss 0.02

    In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore,…

  • CVE-2022-39312 | Critical | Oct 25, 2022
    risk 0.57 | cvss 9.8 | epss 0.01

    Dataease is an open source data visualization analysis tool. Dataease prior to 1.15.2 has a deserialization vulnerability. In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In…

  • CVE-2022-36944 | Critical | Sep 23, 2022
    risk 0.57 | cvss 9.8 | epss 0.08

    Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary…

  • CVE-2022-40955 | High | Sep 20, 2022
    risk 0.57 | cvss 8.8 | epss 0.02

    In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code…

  • CVE-2022-2436 | High | Sep 6, 2022
    risk 0.57 | cvss 8.8 | epss 0.01

    The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'file[package_dir]' parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call files…