Brian Stansberry updated WFLY-13549:
------------------------------------
Security: (was: Security Issue)
CVE-2020-10740 Unsafe deserialization in Wildfly Naming/EJB
-----------------------------------------------------------
Key: WFLY-13549
URL: https://issues.redhat.com/browse/WFLY-13549
Project: WildFly
Issue Type: Bug
Components: EJB, Naming
Affects Versions: 18.0.0.Final, 18.0.1.Final, 19.0.0.Final, 19.1.0.Final
Reporter: Brian Stansberry
Assignee: Brian Stansberry
Priority: Major
Fix For: 20.0.0.Final
A lack of input validation/filtering capabilities for applications running on the
application server using its JNDI or EJB features leaves the server vulnerable to
deserialization attacks.
See also: https://bugzilla.redhat.com/show_bug.cgi?id=1834512