There is a deserialization vulnerability in Chatopera cosin v3.10.0. An attacker can execute commands during server-side deserialization by uploading maliciously constructed files. This is related to the TemplateController.java impsave method and the MainUtils toObject method.
References
Link | Resource |
---|---|
https://github.com/chatopera/cosin/issues/177 | Third Party Advisory Issue Tracking Exploit |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:19:26
Updated: 2022-10-03T16:19:26
Reserved: 2022-10-03T00:00:00
Link: CVE-2019-6503
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-01-22T14:29:00.563
Modified: 2019-02-15T18:33:38.607
Link: CVE-2019-6503
JSON object: View
Redhat Information
No data.
CWE