mirror of
https://github.com/0xMarcio/cve.git
synced 2025-06-19 17:30:12 +00:00
CVE-2014-9515
Description
Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object.
POC
Reference
- https://github.com/DozerMapper/dozer/issues/217
- https://github.com/pentestingforfunandprofit/research/tree/master/dozer-rce
- https://www.oracle.com/security-alerts/cpuApr2021.html