  1. WildFly
  2. WFLY-13549

CVE-2020-10740 Unsafe deserialization in Wildfly Naming/EJB

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 18.0.0.Final, 18.0.1.Final, 19.0.0.Final, 19.1.0.Final
    • Fix Version/s: 20.0.0.Final
    • Component/s: EJB, Naming
    • Labels:
      None
    • Security Sensitive Issue:
      This issue is security relevant

      Description

      A lack of input validation/filtering capabilities for applications running on the application server using its JNDI or EJB features leaves the server vulnerable to deserialization attacks.

      See also https://bugzilla.redhat.com/show_bug.cgi?id=1834512

                People

                • Assignee:
                  brian.stansberry Brian Stansberry
                  Reporter:
                  brian.stansberry Brian Stansberry