-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Pete,
On 6/17/20 17:44, Pete Helgren wrote:
> I am going to guess that it is one of these two known
> vulnerabilities:
>
> CST-7111: RCE via JSON deserialization (LPS-88051/LPE-165981) The
> JSONDeserializer of Flexjson allows the instantiation of a
Hi Pete,
On 17.06.20 23:44, Pete Helgren wrote:
> I am going to guess that it is one of these two known vulnerabilities:
>
> CST-7111: RCE via JSON deserialization (LPS-88051/LPE-165981)
> The JSONDeserializer of Flexjson allows the instantiation of arbitrary
> classes and the invocation of arbitr
I am going to guess that it is one of these two known vulnerabilities:
CST-7111: RCE via JSON deserialization (LPS-88051/LPE-165981)
The JSONDeserializer of Flexjson allows the instantiation of arbitrary
classes and the invocation of arbitrary setter methods.
CST-7205: Unauthenticated Remote c
