Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache ddlutils 1.0 readobject vulnerability
Vulnerability Description
Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. The BinaryObjectsHelper class was insecure and used ObjectInputStream.readObject without validating that the input data was safe to deserialize. Please note that DdlUtils is no longer being actively developed. To address the insecurity of the BinaryObjectHelper class, the following changes to DdlUtils have been made: (1) BinaryObjectsHelper.java has been deleted from the DdlUtils source repository and the DdlUtils feature of propagating data of SQL binary types is therefore no longer present in DdlUtils; (2) The ddlutils-1.0 release has been removed from the Apache Release Distribution Infrastructure; (3) The DdlUtils web site has been updated to indicate that DdlUtils is now available only as source code, not as a packaged release.
CVSS Information
N/A
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Apache DB DdlUtils 代码问题漏洞
Vulnerability Description
Apache DB DdlUtils是美国阿帕奇(Apache)基金会的一个易于使用的小型组件,用于处理数据库定义 (DDL) 文件。 Apache DB DdlUtils 1.0 存在代码问题漏洞,该漏洞源于BinaryObjectsHelper 类不安全,使用 ObjectInputStream.readObject 时没有验证输入数据是否可以安全地反序列化。
CVSS Information
N/A
Vulnerability Type
N/A