Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-w39x-chvm-pj3c: Deserialization of Untrusted Data in com.bstek.ureport:ureport2-console

All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets.

ghsa
#git#rce

Deserialization of Untrusted Data in com.bstek.ureport:ureport2-console

Critical severity GitHub Reviewed Published May 3, 2022 • Updated May 19, 2022

ghsa: Latest News

GHSA-49cc-xrjf-9qf7: SFTPGo allows administrators to restrict command execution from the EventManager