cve/CVE-2018-15890.md at d265b01db84ea263ae08fa7d2c08cb82387c2083

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-07 11:06:19 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

An issue was discovered in EthereumJ 1.8.2. There is Unsafe Deserialization in ois.readObject in mine/Ethash.java and decoder.readObject in crypto/ECKey.java. When a node syncs and mines a new block, arbitrary OS commands can be run on the server.

POC

Reference

https://github.com/frohoff/ysoserial/

Github

https://github.com/PalindromeLabs/Java-Deserialization-CVEs
https://github.com/demining/Solidity-Forcibly-Send-Ether-Vulnerability

807 B Raw Blame History

CVE-2018-15890

Description

POC

Reference

Github

807 B

Raw Blame History