VYPR

Maven package

com.exadel.flamingo.flex/amf-serializer

pkg:maven/com.exadel.flamingo.flex/amf-serializer

Vulnerabilities (1)

  • CVE-2017-3202CriJun 11, 2018
    affected <= 2.2.0

    The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this