[jboss-jira] [JBoss JIRA] (WFLY-13549) CVE-2020-10740 Unsafe deserialization in Wildfly Naming/EJB

Brian Stansberry (Jira) issues at jboss.org
Tue Jun 2 11:32:01 EDT 2020


     [ https://issues.redhat.com/browse/WFLY-13549?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Brian Stansberry updated WFLY-13549:
------------------------------------
    Security:     (was: Security Issue)


> CVE-2020-10740 Unsafe deserialization in Wildfly Naming/EJB
> -----------------------------------------------------------
>
>                 Key: WFLY-13549
>                 URL: https://issues.redhat.com/browse/WFLY-13549
>             Project: WildFly
>          Issue Type: Bug
>          Components: EJB, Naming
>    Affects Versions: 18.0.0.Final, 18.0.1.Final, 19.0.0.Final, 19.1.0.Final
>            Reporter: Brian Stansberry
>            Assignee: Brian Stansberry
>            Priority: Major
>             Fix For: 20.0.0.Final
>
>
> A lack of input validation/filtering capabilities for applications running on the application server using its JNDI or EJB features leaves the server vulnerable to deserialization attacks.
> See also https://bugzilla.redhat.com/show_bug.cgi?id=1834512



--
This message was sent by Atlassian Jira
(v7.13.8#713008)

