Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Deserialization of untrusted data in the Hessian Component of Apache Cayenne 4.1 with older Java versions
Vulnerability Description
Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence (ROP) feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications. In Apache Cayenne 4.1 and earlier, running on non-current patch versions of Java, an attacker with client access to Cayenne ROP can transmit a malicious payload to any vulnerable third-party dependency on the server. This can result in arbitrary code execution.
CVSS Information
N/A
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Apache Cayenne 代码问题漏洞
Vulnerability Description
Apache Cayenne是美国阿帕奇 (Apache)基金会的一个根据 Apache 许可证许可的开源持久性框架。用于提供对象关系映射和远程处理服务。 Apache Cayenne 中存在代码问题漏洞,该漏洞源于产品未对用户上传的负载进行安全检查。攻击者可通过该漏洞导致任意代码执行。 以下产品及版本受到影响:Apache Cayenne 4.1 版本及之前版本。
CVSS Information
N/A
Vulnerability Type
N/A