40 more software libraries hit by Java deserialisation bug

40 more software libraries than originally thought may be affected by a Java deserialisation vulnerability, following initial research by Foxglove Security.

The risk comes from apps that do not validate untrusted input before deserialising it, and it affects all apps that accept serialised Java objects.

Various popular open source libraries are involved, including hadoop-mapreduce-client-core, Apache Directory API All, and Standalone Jar.

Read the source article at Technology
