PT-2024-37628 · Oripa · Oripa
Aftersnow
·
Published
2024-07-02
·
Updated
2024-07-02
·
CVE-2024-6441
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
ORIPA versions up to 1.72
Description
A critical issue was found in ORIPA, affecting an unknown functionality of the file src/main/java/oripa/persistence/doc/loader/LoaderXML.java. The manipulation of this issue leads to deserialization and can be launched remotely.
Recommendations
For versions up to 1.72, upgrade to version 1.80 to address this issue. It is recommended to upgrade the affected component.
Fix
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oripa