CVE-2024-28213

CRITICAL9.8EPSS 8.1%

nGrinder vulnerable to unsafe Java objects deserialization

Published: 3/7/2024Modified: 8/22/2024

Description

nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization.

Affected packages (1)

Maven/org.ngrinder:ngrinder-corefrom 0, < 3.5.9

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-28213
WEBhttps://cve.naver.com/detail/cve-2024-28213.html
WEBhttps://github.com/naver/ngrinder
WEBhttps://github.com/naver/ngrinder/commit/85efa4a075354e077a700262ef78e2e9119881bf