Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Alfresco Activiti Process Variable Serialization System SerializableType.java createObjectInputStream deserialization
Vulnerability Description
A flaw has been found in Alfresco Activiti up to 7.19/8.8.0. Affected by this issue is the function deserialize/createObjectInputStream of the file activiti-core/activiti-engine/src/main/java/org/activiti/engine/impl/variable/SerializableType.java of the component Process Variable Serialization System. This manipulation causes deserialization. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Alfresco Activiti 代码问题漏洞
Vulnerability Description
Alfresco Activiti是英国Alfresco公司的一个工作流自动化平台。 Alfresco Activiti 7.19/8.8.0及之前版本存在代码问题漏洞,该漏洞源于对文件activiti-core/activiti-engine/src/main/java/org/activiti/engine/impl/variable/SerializableType.java中函数deserialize/createObjectInputStream的操作可能导致反序列化漏洞。
CVSS Information
N/A
Vulnerability Type
N/A