CVE-2024-6441— ORIPA LoaderXML.java deserialization

CVSS 6.3 · Medium EPSS 0.27% · P50 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-6441

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

ORIPA LoaderXML.java deserialization

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability was found in ORIPA up to 1.72. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/oripa/persistence/doc/loader/LoaderXML.java. The manipulation leads to deserialization. The attack can be launched remotely. Upgrading to version 1.80 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-270169 was assigned to this vulnerability.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

可信数据的反序列化

Source: NVD (National Vulnerability Database)

Vulnerability Title

ORIPA 代码问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

ORIPA是ORIPA开源的一款专门设计折纸折痕图案的绘图软件。 ORIPA 1.72及之前版本存在代码问题漏洞，该漏洞源于文件src/main/java/oripa/persistence/doc/loader/LoaderXML.java会导致反序列化。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	ORIPA	1.0	-

II. Public POCs for CVE-2024-6441

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-6441

请登录查看更多情报信息。

https://github.com/oripa/oripa/milestone/15patch
https://github.com/oripa/oripa/issues/355issue-tracking
https://vuldb.com/?ctiid.270169signaturepermissions-required
https://vuldb.com/?id.270169vdb-entry
Submit #367350: oripa <=ORIPA v1.72_release XMLDecoder reflection local rcethird-party-advisory
https://nvd.nist.gov/vuln/detail/CVE-2024-6441

Same Patch Batch · n/a · 2024-07-02 · 22 CVEs total

CVE-2024-39891	5.3 MEDIUM	Twilio Authy API 安全漏洞
CVE-2024-26314		Jungo WinDriver 安全漏洞
CVE-2022-25477		Realtek 多款产品安全漏洞
CVE-2022-25480		Realtek 多款产品安全漏洞
CVE-2022-25478		Realtek多款产品安全漏洞
CVE-2022-25479		Realtek 多款产品安全漏洞
CVE-2024-39894		OpenSSH 安全漏洞
CVE-2024-39206		MSP360 安全漏洞
CVE-2023-51776		Jungo WinDriver 安全漏洞
CVE-2023-51778		Jungo WinDriver 安全漏洞
CVE-2023-51777		Jungo WinDriver 安全漏洞
CVE-2024-39143		ResidenceCMS 安全漏洞
CVE-2024-25088		Jungo WinDriver 安全漏洞
CVE-2024-25086		Jungo WinDriver 安全漏洞
CVE-2024-25087		Jungo WinDriver 安全漏洞
CVE-2024-22103		Jungo WinDriver 安全漏洞
CVE-2024-22102		Jungo WinDriver 安全漏洞
CVE-2024-22105		Jungo WinDriver 安全漏洞
CVE-2024-22106		Jungo WinDriver 安全漏洞
CVE-2024-22104		Jungo WinDriver 安全漏洞

Showing top 20 of 22 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: n/a

Same weakness: CWE-502

V. Comments for CVE-2024-6441

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-6441— ORIPA LoaderXML.java deserialization

I. Basic Information for CVE-2024-6441

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-6441

III. Intelligence Information for CVE-2024-6441

Same Patch Batch · n/a · 2024-07-02 · 22 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-6441

Leave a comment