CVE-2018-21234

CWE-502Deserialization of Untrusted Data5 documents4 sources
Severity
9.8CRITICAL
EPSS
25.2%
top 3.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jodd JoddApache Hive
Timeline
PublishedMay 21
Latest updateFeb 10

Description

Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

Mavenorg.jodd:jodd-json< 5.0.4
NVDjodd/jodd< 5.0.4
NVDapache/hive3.1.2

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

4
OSV
Deserialization of Untrusted Data in Jodd2022-02-10
GHSA
Deserialization of Untrusted Data in Jodd2022-02-10
OSV
CVE-2018-21234: Jodd before 52020-05-21
CVEList
CVE-2018-21234: Jodd before 52020-05-21
CVE-2018-21234 (CRITICAL CVSS 9.8) | Jodd before 5.0.4 performs Deserial | cvebase.io