Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PowSyBl Core allows deserialization of untrusted SparseMatrix data
Vulnerability Description
PowSyBl (Power System Blocks) is a framework to build power system oriented software. In versions 6.3.0 to 6.7.1, there is a deserialization issue in the read method of the SparseMatrix class that can lead to a wide range of privilege escalations depending on the circumstances. This method takes in an InputStream and returns a SparseMatrix object. This issue has been patched in com.powsybl:powsybl-math: 6.7.2. A workaround for this issue involves not using SparseMatrix deserialization (SparseMatrix.read(...) methods).
CVSS Information
N/A
Vulnerability Type
可信数据的反序列化
Vulnerability Title
PowSyBl Core 代码问题漏洞
Vulnerability Description
PowSyBl Core是PowSyBl开源的一个面向电力系统的软件构建框架。 PowSyBl Core 6.3.0至6.7.1版本存在代码问题漏洞,该漏洞源于SparseMatrix类的read方法存在反序列化问题可能导致权限提升。
CVSS Information
N/A
Vulnerability Type
N/A