VYPR

CWE-502

Deserialization of Untrusted Data

Base · Draft · Likelihood: Medium

Description

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-586

CVEs mapped to this weakness (1,721)

page 49 of 87
  • CVE-2024-37064 · High · Jun 4, 2024
    risk 0.51 · cvss 7.8 · epss 0.00

    Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted dataset to run arbitrary code on an end user's system when loaded.

  • CVE-2024-37062 · High · Jun 4, 2024
    risk 0.51 · cvss 7.8 · epss 0.00

    Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted report to run arbitrary code on an end user's system when loaded.

  • CVE-2024-2229 · High · Mar 18, 2024
    risk 0.51 · cvss 7.8 · epss 0.00

    CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution when a malicious project file is loaded into the application by a valid user.

  • CVE-2023-24621 · High · Aug 25, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed.

  • CVE-2021-46364 · High · Feb 11, 2022
    risk 0.51 · cvss 7.8 · epss 0.01

    A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file.

  • CVE-2021-41078 · High · Oct 26, 2021
    risk 0.51 · cvss 7.8 · epss 0.01

    Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file.

  • CVE-2020-10721 · High · Oct 22, 2020
    risk 0.51 · cvss 7.8 · epss 0.01

    A flaw was found in the fabric8-maven-plugin 4.0.0 and later. When using a wildfly-swarm or thorntail custom configuration, a malicious YAML configuration file on the local machine executing the maven plug-in could allow for deserialization of untrusted data resulting in…

  • CVE-2020-15777 · High · Aug 25, 2020
    risk 0.51 · cvss 7.8 · epss 0.01

    An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. The extension uses a socket connection to send serialized Java objects. Deserialization is not restricted to an allow-list, thus allowing an attacker to achieve code execution via a malicious…

  • CVE-2020-11113 · High · Mar 31, 2020
    risk 0.51 · cvss 8.8 · epss 0.06

    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).

  • CVE-2020-10673 · High · Mar 18, 2020
    risk 0.51 · cvss 8.8 · epss 0.08

    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).

  • CVE-2018-10513 · High · Aug 30, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on…

  • CVE-2018-14572 · High · Aug 28, 2018
    risk 0.51 · cvss 7.8 · epss 0.02

    In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.

  • CVE-2018-12539 · High · Aug 14, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled…

  • CVE-2018-14878 · High · Aug 13, 2018
    risk 0.51 · cvss 7.8 · epss 0.02

    JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data.

  • CVE-2018-1000210 · High · Jul 13, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    YamlDotNet version 4.3.2 and earlier contains an Insecure Direct Object Reference vulnerability: the default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);"…

  • CVE-2017-2608 · High · May 15, 2018
    risk 0.51 · cvss 8.8 · epss 0.06

    Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383).

  • CVE-2017-13286 · High · Apr 4, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due to mismatched serialization. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges…

  • CVE-2017-12628 · High · Oct 20, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    The JMX server embedded in Apache James, also used by the command line client, is exposed to a Java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes JMX socket by default only on local-host, this vulnerability can only be used for…

  • CVE-2017-0806 · High · Oct 4, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    An elevation of privilege vulnerability in the Android framework (gatekeeperresponse). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62998805.

  • CVE-2017-12612 · High · Sep 13, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentially vulnerable to arbitrary code execution by an attacker with access to any user…