CVE-2024-28213

CRITICAL 9.8

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization.

CWE	CWE-502
Vendor	naver
Product	ngrinder
Published	Mar 7, 2024
Last Updated	Aug 22, 2024

Stay Ahead of the Next One

Get instant alerts for naver ngrinder

Be the first to know when new critical vulnerabilities affecting naver ngrinder are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

NAVER / nGrinder

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cve.naver.com: https://cve.naver.com/detail/cve-2024-28213.html

Credits

Peter Stöckli of GitHub Security Lab