Headline
GHSA-w39x-chvm-pj3c: Deserialization of Untrusted Data in com.bstek.ureport:ureport2-console
All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets.
Deserialization of Untrusted Data in com.bstek.ureport:ureport2-console
Critical severity GitHub Reviewed Published May 3, 2022 • Updated May 19, 2022