Common Weakness Enumeration

CWE-502

Allowed

Deserialization of Untrusted Data

Abstraction: Base · Status: Draft

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

4801 vulnerabilities reference this CWE, most recent first.

GHSA-QP5C-V98V-4G66

Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2022-05-13 01:24
VLAI
Details

The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does not properly perform pointer arithmetic, which allows remote attackers to bypass message deserialization validation, and cause a denial of service or possibly have unspecified other impact, via invalid pickle data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2010-4574"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-12-22T01:00:00Z",
    "severity": "HIGH"
  },
  "details": "The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does not properly perform pointer arithmetic, which allows remote attackers to bypass message deserialization validation, and cause a denial of service or possibly have unspecified other impact, via invalid pickle data.",
  "id": "GHSA-qp5c-v98v-4g66",
  "modified": "2022-05-13T01:24:56Z",
  "published": "2022-05-13T01:24:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4574"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14141"
    },
    {
      "type": "WEB",
      "url": "http://code.google.com/p/chromium/issues/detail?id=56449"
    },
    {
      "type": "WEB",
      "url": "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42648"
    },
    {
      "type": "WEB",
      "url": "http://src.chromium.org/viewvc/chrome?view=rev\u0026revision=68033"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/45390"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QP7V-HP83-PQ4X

Vulnerability from github – Published: 2024-11-22 21:32 – Updated: 2024-11-22 21:32
VLAI
Details

Allegra renderFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability.

The specific flaw exists within the renderFieldMatch method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-23451.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-5579"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-22T20:15:09Z",
    "severity": "HIGH"
  },
  "details": "Allegra renderFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the renderFieldMatch method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-23451.",
  "id": "GHSA-qp7v-hp83-pq4x",
  "modified": "2024-11-22T21:32:16Z",
  "published": "2024-11-22T21:32:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5579"
    },
    {
      "type": "WEB",
      "url": "https://alltena.com/en/resources/release-notes/relnotes-7-5-2"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1162"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QP9X-RM9W-4J32

Vulnerability from github – Published: 2025-06-05 21:30 – Updated: 2025-06-05 21:30
VLAI
Details

A vulnerability classified as critical has been found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected is the function parseStrByFreeMarker of the file /src/main/java/com/dstz/sys/rest/controller/SysToolsController.java. The manipulation of the argument str leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-5679"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-05T19:15:30Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability classified as critical has been found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected is the function parseStrByFreeMarker of the file /src/main/java/com/dstz/sys/rest/controller/SysToolsController.java. The manipulation of the argument str leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-qp9x-rm9w-4j32",
  "modified": "2025-06-05T21:30:55Z",
  "published": "2025-06-05T21:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5679"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/agile-bpm/agile-bpm-basic/issues/ICAQWG"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.311166"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.311166"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.585127"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-QPFQ-PH7R-QV6F

Vulnerability from github – Published: 2021-03-22 23:29 – Updated: 2022-02-08 21:32
VLAI
Summary
XStream is vulnerable to an Arbitrary Code Execution attack
Details

Impact

The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.

Patches

If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Workarounds

See workarounds for the different versions covering all CVEs.

References

See full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for CVE-2021-21347.

Credits

The vulnerability was discovered and reported by threedr3am.

For more information

If you have any questions or comments about this advisory: * Open an issue in XStream * Contact us at XStream Google Group

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.thoughtworks.xstream:xstream"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.4.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-21347"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-434",
      "CWE-502"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-03-22T23:25:22Z",
    "nvd_published_at": "2021-03-23T00:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nThe vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types.\n\n### Patches\nIf you rely on XStream\u0027s default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.16.\n\n### Workarounds\nSee [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream\u0027s documentation for [CVE-2021-21347](https://x-stream.github.io/CVE-2021-21347.html).\n\n### Credits\nThe vulnerability was discovered and reported by threedr3am.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)",
  "id": "GHSA-qpfq-ph7r-qv6f",
  "modified": "2022-02-08T21:32:28Z",
  "published": "2021-03-22T23:29:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-qpfq-ph7r-qv6f"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21347"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/x-stream/xstream"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210430-0002"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-5004"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "type": "WEB",
      "url": "https://x-stream.github.io/CVE-2021-21347.html"
    },
    {
      "type": "WEB",
      "url": "https://x-stream.github.io/security.html#workaround"
    },
    {
      "type": "WEB",
      "url": "http://x-stream.github.io/changes.html#1.4.16"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "XStream is vulnerable to an Arbitrary Code Execution attack"
}

GHSA-QQ48-M4JX-XQH8

Vulnerability from github – Published: 2021-04-22 16:14 – Updated: 2021-04-21 19:54
VLAI
Summary
"Deserialization errors in MyBatis"
Details

MyBatis before 3.5.6 mishandles deserialization of object streams leading to potential cache poisoning.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.mybatis:mybatis"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.5.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-26945"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-21T19:54:50Z",
    "nvd_published_at": "2020-10-10T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "MyBatis before 3.5.6 mishandles deserialization of object streams leading to potential cache poisoning.",
  "id": "GHSA-qq48-m4jx-xqh8",
  "modified": "2021-04-21T19:54:50Z",
  "published": "2021-04-22T16:14:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26945"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mybatis/mybatis-3/pull/2079"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mybatis/mybatis-3/releases/tag/mybatis-3.5.6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "\"Deserialization errors in MyBatis\""
}

GHSA-QQ72-778Q-MWMX

Vulnerability from github – Published: 2022-06-02 00:00 – Updated: 2022-06-12 00:00
VLAI
Details

A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-29875"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-01T10:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions \u003c VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions \u003c VC20D), NAEOTOM Alpha (All VA40 versions \u003c VA40 SP2), SOMATOM X.cite (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions \u003c VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions \u003c VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions \u003c VB22A-UD03), Symbia Evo (All VB22 versions \u003c VB22A-UD03), Symbia Intevo (All VB22 versions \u003c VB22A-UD03), Symbia T (All VB22 versions \u003c VB22A-UD03), Symbia.net (All VB22 versions \u003c VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions \u003c VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions \u003c VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.",
  "id": "GHSA-qq72-778q-mwmx",
  "modified": "2022-06-12T00:00:47Z",
  "published": "2022-06-02T00:00:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29875"
    },
    {
      "type": "WEB",
      "url": "https://www.siemens-healthineers.com/support-documentation/cybersecurity/shsa-455016"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QQ7G-427F-CM2R

Vulnerability from github – Published: 2026-02-18 15:31 – Updated: 2026-02-18 15:31
VLAI
Details

The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.9.6 via deserialization of untrusted input in the shortcode_check function within the Live Composer compatibility layer. This makes it possible for authenticated attackers, with Author-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. Note: This vulnerability requires the Live Composer plugin to also be installed and active.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-1426"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-18T15:18:41Z",
    "severity": "HIGH"
  },
  "details": "The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.9.6 via deserialization of untrusted input in the shortcode_check function within the Live Composer compatibility layer. This makes it possible for authenticated attackers, with Author-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. Note: This vulnerability requires the Live Composer plugin to also be installed and active.",
  "id": "GHSA-qq7g-427f-cm2r",
  "modified": "2026-02-18T15:31:27Z",
  "published": "2026-02-18T15:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1426"
    },
    {
      "type": "WEB",
      "url": "https://cwe.mitre.org/data/definitions/502.html"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/woocommerce-ajax-filters/trunk/includes/compatibility/live_composer.php#L25"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/woocommerce-ajax-filters/trunk/includes/compatibility/live_composer.php#L28"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/woocommerce-ajax-filters/trunk/includes/compatibility/live_composer.php#L33"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3449344/#file418"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/29e76d57-217f-4f21-8bc6-a86290783a19?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QQ9H-65HG-3824

Vulnerability from github – Published: 2026-03-25 18:31 – Updated: 2026-03-26 15:30
VLAI
Details

Deserialization of Untrusted Data vulnerability in ThemeREX Buisson buisson allows Object Injection.This issue affects Buisson: from n/a through <= 1.1.11.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-27084"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T17:16:56Z",
    "severity": "CRITICAL"
  },
  "details": "Deserialization of Untrusted Data vulnerability in ThemeREX Buisson buisson allows Object Injection.This issue affects Buisson: from n/a through \u003c= 1.1.11.",
  "id": "GHSA-qq9h-65hg-3824",
  "modified": "2026-03-26T15:30:33Z",
  "published": "2026-03-25T18:31:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27084"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Theme/buisson/vulnerability/wordpress-buisson-theme-1-1-11-php-object-injection-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QQ9W-34XH-VPMR

Vulnerability from github – Published: 2026-01-23 06:31 – Updated: 2026-01-23 06:31
VLAI
Details

Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of CHX files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27833.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-15348"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-23T04:16:01Z",
    "severity": "HIGH"
  },
  "details": "Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CHX files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27833.",
  "id": "GHSA-qq9w-34xh-vpmr",
  "modified": "2026-01-23T06:31:23Z",
  "published": "2026-01-23T06:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15348"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1199"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QQFC-M9HC-PQV3

Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-06-29 23:25
VLAI
Summary
Deserialization of Untrusted Data in Infinispan
Details

Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.infinispan:infinispan-core"
      },
      "versions": [
        "8.2.10.Final"
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.infinispan:infinispan-core"
      },
      "versions": [
        "9.0.3.Final"
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.infinispan:infinispan-core"
      },
      "versions": [
        "9.1.7.Final"
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.infinispan:infinispan-core"
      },
      "versions": [
        "9.2.2.Final"
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.infinispan:infinispan-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.3.0.Alpha1"
            },
            {
              "fixed": "9.3.1.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "9.3.0.Alpha1"
      ]
    }
  ],
  "aliases": [
    "CVE-2018-1131"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-29T23:25:35Z",
    "nvd_published_at": "2018-05-15T13:29:00Z",
    "severity": "HIGH"
  },
  "details": "Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected.",
  "id": "GHSA-qqfc-m9hc-pqv3",
  "modified": "2022-06-29T23:25:35Z",
  "published": "2022-05-13T01:33:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1131"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:1833"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:3892"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576492"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/infinispan/infinispan"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104218"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Deserialization of Untrusted Data in Infinispan"
}

Mitigation
Architecture and Design Implementation

If available, use the signing/sealing features of the programming language to assure that deserialized data has not been tainted. For example, a hash-based message authentication code (HMAC) could be used to ensure that data has not been modified.

Mitigation
Implementation

When deserializing data, populate a new object rather than just deserializing. The result is that the data flows through safe input validation and that the functions are safe.

Mitigation
Implementation

Explicitly define a final object() to prevent deserialization.

Mitigation
Architecture and Design Implementation
  • Make fields transient to protect them from deserialization.
  • An attempt to serialize and then deserialize a class containing transient fields will result in NULLs where the transient data should be. This is an excellent way to prevent time, environment-based, or sensitive variables from being carried over and used improperly.
Mitigation
Implementation

Avoid having unnecessary types or gadgets (a sequence of instances and method invocations that can self-execute during the deserialization process, often found in libraries) available that can be leveraged for malicious ends. This limits the potential for unintended or unauthorized types and gadgets to be leveraged by the attacker. Add only acceptable classes to an allowlist. Note: new gadgets are constantly being discovered, so this alone is not a sufficient mitigation.

Mitigation
Architecture and Design Implementation

Employ cryptography of the data or code for protection. However, it's important to note that it would still be client-side security. This is risky because if the client is compromised then the security implemented on the client (the cryptography) can be bypassed.

Mitigation MIT-29
Operation

Strategy: Firewall

Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].

CAPEC-586: Object Injection

An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.