PT-2019-18123 · Chatopera · Chatopera Cosin

Published: 2019-01-22 · Updated: 2019-02-15 · CVE-2019-6503

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Chatopera cosin version 3.10.0

Description: The issue is a deserialization vulnerability. An attacker can execute commands on the server by uploading a maliciously constructed file that is deserialized server-side. The vulnerability is associated with the impsave method in TemplateController.java and the toObject method in MainUtils.

Recommendations: For Chatopera cosin version 3.10.0, consider disabling the impsave method in TemplateController.java and restricting the use of the toObject method in MainUtils until a patch is available. Avoid uploading files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
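An illustration of the second recommendation, restricting what a toObject-style helper will deserialize, added here as an example; it is not Chatopera's code, and TemplateRecord is a hypothetical stand-in for the project's own template type. It uses the JDK's ObjectInputFilter (Java 9+) as a class allowlist, so an uploaded stream that names any other class is rejected before that class is instantiated.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class SafeDeserialization {

    // Hypothetical stand-in for the template type an import file would carry.
    public static class TemplateRecord implements Serializable {
        private static final long serialVersionUID = 1L;
        final String name;
        TemplateRecord(String name) { this.name = name; }
    }

    // Allowlist: only our record type and java.lang.String may be resolved; "!*"
    // rejects every other class. Depth/reference limits blunt nested-object abuse.
    private static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "SafeDeserialization$TemplateRecord;java.lang.String;maxdepth=5;maxrefs=100;!*");

    // Hardened equivalent of a MainUtils.toObject-style helper (assumed shape, not the
    // project's signature): the filter runs before any class in the stream is loaded.
    public static Object toObject(byte[] uploaded, long maxBytes)
            throws IOException, ClassNotFoundException {
        if (uploaded.length > maxBytes) {
            throw new IOException("upload exceeds " + maxBytes + " bytes");
        }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(uploaded))) {
            in.setObjectInputFilter(FILTER);
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample 1: a legitimate record serialized by this same program.
        ByteArrayOutputStream good = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(good)) {
            out.writeObject(new TemplateRecord("faq-template"));
        }
        TemplateRecord ok = (TemplateRecord) toObject(good.toByteArray(), 1 << 20);
        System.out.println("accepted: " + ok.name);

        // Constructed sample 2: a stream carrying a harmless type outside the allowlist.
        ByteArrayOutputStream other = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(other)) {
            out.writeObject(new java.util.Date());
        }
        try {
            toObject(other.toByteArray(), 1 << 20);
        } catch (InvalidClassException e) {
            System.out.println("rejected by filter: " + e.getMessage());
        }
    }
}
```

The rejected sample uses java.util.Date only to show the allowlist firing; the same path blocks any class the template format does not need.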

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

CVE-2019-6503

Affected Products

Chatopera Cosin