Severity: Critical Vendor: Red5
Versions Affected: Apache OpenMeetings 3.1.3 and earlier Description: The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data. CVE-2017-5878 The issue was fixed in 3.1.4 All users are recommended to upgrade to the latest version of Apache OpenMeetings Credit: This issue was identified by Moritz Bechler
