Wildfly Unsafe Deserialization Vulnerability
High severity
GitHub Reviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Aug 22, 2023
Package
Affected versions
< 20.0.0.Final
Patched versions
20.0.0.Final
Description
Published by the National Vulnerability Database
Jun 22, 2020
Published to the GitHub Advisory Database
May 24, 2022
Reviewed
Jul 13, 2023
Last updated
Aug 22, 2023
A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans(EJB) due to lack of validation/filtering capabilities in wildfly.
References