During a night of research for an internal presentation about Java deserialization issues, I stumbled upon OpenOlat - a Java-based E-Learning platform used by multiple universities and institutions .
A cursory inspection of the OpenOlat code base using the powerful code analysis
grep revealed, that the solution is
vulnerable to unsafe deserialization of user data and path traversal
in the handling of archive files, both of which leading to arbitrary code
execution. In the following, a brief description of the vulnerabilities and a