← Retour aux CVEs
CVE-2020-24164
HIGH7.8
Description
A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java Serializable interface.
Details CVE
Score CVSS v3.17.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurREQUIRED
Publie9/11/2020
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
taoensso:nippy
Faiblesses (CWE)
CWE-502
References
https://github.com/ptaoussanis/nippy/issues/130(cve@mitre.org)
https://github.com/ptaoussanis/nippy/issues/130(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.