Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-31890 Vulnerability in maven package com.glazedlists:glazedlists

Description

An XML Deserialization vulnerability in glazedlists v1.11.0 allows an attacker to execute arbitrary code via the BeanXMLByteCoder.decode() parameter.

Remediation

References

https://github.com/glazedlists/glazedlists/issues/709

Related Vulnerabilities

CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa-elasticsearch-8

CVE-2020-35199 Vulnerability in maven package org.igniterealtime.openfire.plugins:bookmarks

CVE-2023-29206 Vulnerability in maven package org.xwiki.platform:xwiki-platform-skin-skinx

CVE-2020-28480 Vulnerability in npm package jointjs

CVE-2020-28424 Vulnerability in npm package s3-kilatstorage

Severity

Critical

Classification

CWE-502 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Issue Tracking Third Party Advisory