CVE-2024-28213
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-28213
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
可信数据的反序列化
Source: NVD (National Vulnerability Database)
Vulnerability Title
nGrinder 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
nGrinder是一个压力测试平台,使您能够同时执行脚本创建、测试执行、监控和结果报告生成器。 nGrinder 3.5.9之前版本存在安全漏洞,该漏洞源于允许接受未经身份验证用户的序列化Java对象,可能允许远程攻击者通过不安全的Java对象反序列化执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2024-28213
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | Here's a brief description of CVE-2024-28213: "CVE-2024-28213 is a critical vulnerability affecting versions prior to 3.5.9 of nGrinder. It allows unauthenticated users to send serialized Java objects to the application, potentially leading to the execution of arbitrary code through unsafe Java object deserialization. | https://github.com/0x1x02/CVE-2024-28213 | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-28213
请登录查看更多情报信息。
Same Patch Batch · NAVER · 2024-03-07 · 6 CVEs total
| CVE-2024-28211 | nGrinder 安全漏洞 | |
| CVE-2024-28212 | nGrinder 安全漏洞 | |
| CVE-2024-28214 | nGrinder 安全漏洞 | |
| CVE-2024-28215 | nGrinder 安全漏洞 | |
| CVE-2024-28216 | nGrinder 安全漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-502
- CVE-2026-44126
Insecure deserialization - CVE-2026-5127
User Frontend: AI Powered Frontend Posting, User Directory, - CVE-2026-41586
ObjectInputStream.readObject() without ObjectInputFilter in - CVE-2026-34084
PhpSpreadsheet SSRF and RCE via PHP stream wrappers in IOFac - CVE-2026-7712
MindsDB Pickle pickle.loads deserialization
V. Comments for CVE-2024-28213
No comments yet