Ethereum · Ethereum · CVE-2018-15890
**Name of the Vulnerable Software and Affected Versions**
EthereumJ version 1.8.2
**Description**
An issue was discovered in EthereumJ where there is unsafe deserialization in `ois.readObject` in `mine/Ethash.java` and `decoder.readObject` in `crypto/ECKey.java`. This allows arbitrary OS commands to be run on the server when a node syncs and mines a new block.
**Recommendations**
For EthereumJ version 1.8.2, consider disabling the `ois.readObject` and `decoder.readObject` calls in `mine/Ethash.java` and `crypto/ECKey.java` respectively until a patch that prevents the unsafe deserialization is available. Restrict access to the `mine/Ethash.java` and `crypto/ECKey.java` modules to minimize the risk of exploitation.