GHSA-4344-frcp-j22q
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4344-frcp-j22q
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4344-frcp-j22q/GHSA-4344-frcp-j22q.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-4344-frcp-j22q
- Aliases
-
- CVE-2013-2165
- Published
- 2022-05-13T01:27:59Z
- Modified
- 2023-11-08T03:57:18.035442Z
- Summary
- Remote code execution due to insecure deserialization
- Details
-
A flaw was found in the way JBoss RichFaces handled deserialization. A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of security impacts depending on the deserialization logic of these classes.
- Database specific
{ "nvd_published_at": "2013-07-23T11:03:00Z", "cwe_ids": [], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2022-11-03T22:44:02Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2013-2165
- https://access.redhat.com/security/cve/CVE-2013-2165
- https://bugzilla.redhat.com/show_bug.cgi?id=973570
- http://jvn.jp/en/jp/JVN38787103/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2013-000072
- http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html
- http://seclists.org/fulldisclosure/2020/Mar/21
Affected packages
Maven / org.richfaces:richfaces
Package
- Name
- org.richfaces:richfaces
- View open source insights on deps.dev
- Purl
- pkg:maven/org.richfaces/richfaces
Maven / org.richfaces:richfaces
Package
- Name
- org.richfaces:richfaces
- View open source insights on deps.dev
- Purl
- pkg:maven/org.richfaces/richfaces