CVEs-PoC/2020/CVE-2020-24164.md at dc6e2cf7158eeb24cfecb4d64f4f1da9a8a732e2

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-06-04 18:08:00 +02:00

Files

T

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java Serializable interface.

POC

Reference

No PoCs from references.

Github

https://github.com/404notf0und/CVE-Flow
https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet
https://github.com/BrittanyKuhn/javascript-tutorial
https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet

1009 B Raw Blame History

CVE-2020-24164

Description

POC

Reference

Github

1009 B

Raw Blame History