j0lt-github
/ jsonpickle_vulnerable.txt
Last active
August 7, 2021 13:00
jsonpickle 1.4.2 vulnerable to RCE
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Description: JsonPickle 1.4.2 allows remote code execution during deserialization of a malicious payload through the decode() function. | |
| VulnerabilityType: CWE-502: Deserialization of Untrusted Data | |
| Vendor of Product: https://github.com/jsonpickle/jsonpickle | |
| Affected Product Code Base: JsonPickle Python Module | |
| Attack Type: Remote | |
| Impact Code execution : True |
j0lt-github
/ jyaml Java library - 1.3 Deserialization attack
Last active
December 17, 2020 16:15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Description: JYaml through 1.3 allows remote code execution during deserialization of a malicious payload through the load() function. NOTE: this is a discontinued product. | |
| VulnerabilityType: CWE-502: Deserialization of Untrusted Data | |
| Vendor of Product: http://jyaml.sourceforge.net (see yaml.org) | |
| Affected Product Code Base: jyaml Java library | |
| Attack Type: Remote |