漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
GraniteDS, version 3.1.1.GA, Action Message Format (AMF3) Java implementation is vulnerable to insecure deserialization
Vulnerability Description
The Java implementation of GraniteDS, version 3.1.1.GA, AMF3 deserializers derives class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may be able to send serialized Java objects that execute arbitrary code when deserialized.
CVSS Information
N/A
Vulnerability Type
可信数据的反序列化
Vulnerability Title
GraniteDS 安全漏洞
Vulnerability Description
GraniteDS(Granite Data Service)是一套开源的用于构建Flex/Java EE RIA应用程序的工具。 GraniteDS 3.1.1.GA版本中存在远程代码执行漏洞。远程攻击者可利用该漏洞在受影响应用程序的上下文中执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A