Security Intel Hub 339— Search: 反序列化×

Ray RCE: Arbitrary Code Execution via Arrow Extension Type Deserialization

# [Data] Fix RCE in Arrow extension type deserialization from Parquet #62056 ## Vulnerability Overview - **Vulnerability Type**: Remote Code Execution (RCE) - **Root Cause**: During the deserializatio…

FreeScout CVE-2020-5436 Unserialization RCE Vulnerability Analysis

### Critical Vulnerability Information #### Vulnerability Overview - **Vulnerability Type**: Remote Code Execution (RCE) due to deserialization of untrusted data - **CVE ID**: CVE-2020-5436 - **CVSS v…

cryptidy Python Library Untrusted Deserialization RCE via pickle.loads

### Key Information Summary #### Vulnerability Overview - **CVE ID**: Not assigned - **Vulnerability Type**: CWE-502: Deserialization of Untrusted Data - **Impact**: Remote Code Execution (RCE), Infor…

CraftCMS Commerce RCE via SQLi and PHP Deserialization (CVE-2026-52271)

# Vulnerability Summary: craftcms/commerce Remote Code Execution Vulnerability ## Overview This vulnerability exists in the TotalRevenue widget of `craftcms/commerce`. An attacker can leverage an SQL …

# Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2023-46604) * **Vulnerability Type**: Remote Code Execution (RCE) *…

# Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2023-46604) * **Vulnerability Type**: Remote Code Execution (RCE) *…

H2O Unauthenticated RCE via Unrestricted JDBC URL Injection Leading to Deserialization and Command Execution

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Type**: Unauthenticated Remote Code Execution (RCE). 2. **Vulnerability Descript…

Apache Seata Hessian Deserialization RCE Vulnerability (CVE-2024-22399) Advisory

### Key Information - **CVE Number**: CVE-2024-22399 - **Vulnerability Name**: Apache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server - **Release Date**: …

Apache Lucene Replicator Deserialization Vulnerability Advisory (CVE-2024-45772)

### Key Information - **Vulnerability ID**: CVE-2024-45772 - **Vulnerability Name**: Apache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue - **Release Platform*…

CVE-2024-47561: Apache Avro Java SDK Arbitrary Code Execution via Schema Parsing

### CVE-2024-47561: Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK) #### Key Information from the Webpage Screenshot: 1. **Severity**: Critical 2. **Affected Versions*…

Apache Batik/FOP/XML Graphics Commons SSRF/XXE/Deserialization Vulnerabilities Summary (CVE-2022-44729 etc.)

From this webpage screenshot, the following key information about vulnerabilities can be obtained: 1. **Apache Batik Project - Apache Batik Security**: - Batik 1.17: SSRF vulnerability CVE-2022-44729 …

pac4j-core Java Deserialization RCE (CVE-2023-25581)

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability ID and Name**: - Vulnerability ID: GHSL-2022-085 - Vulnerability Name: Java dese…

Chainer CVE-2024-48206 Deserialization Vulnerability Analysis

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability ID**: CVE-2024-48206 2. **Description**: Chainer v7.8.1.post1 contains a vulnera…

PyTorch Distributed RPC RemoteModule Deserialization RCE Vulnerability with PoC

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Type**: Distributed RPC Framework RemoteModule has Deserialization RCE in pytorc…

Consensys gnark Deserialization DoS via Crafted Inputs (GHSA-cph5-3pgr-c82g)

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Title**: Out-of-memory during deserialization with crafted in…