Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

References
Link Providers
https://github.com/oblac/jodd/commit/9bffc3913aeb8472c11bb543243004b4b4376f16 cve-icon cve-icon
https://github.com/oblac/jodd/compare/v5.0.3...v5.0.4 cve-icon cve-icon
https://github.com/oblac/jodd/issues/628 cve-icon cve-icon
https://lists.apache.org/thread.html/r0bacc701ab7105500a0ab2769270d18f332cb379e6a62ec7553f3327%40%3Cissues.hive.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r157d01c96a2c10e7ceb3e005f42c52cfe87b11dd018935e1c4277433%40%3Cgitbox.hive.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r317aec95c436848233047af7ecb3ce04ce446eb6031f981aef50df0d%40%3Cdev.drill.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r729bc1e0f367fe8a857ac8a14641dba284ac4cf5131edf483022cf59%40%3Cissues.hive.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r965503b27d67a2d934e34fc1d088c9547d51d927c43b8b9bd9b7e695%40%3Cissues.hive.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rc23200043872384e0fc48a4a4502f4c6b4b5ddc79ba4076414150d59%40%3Cissues.hive.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rc85b650b4ad2c77d7c39c69824488e40dce6d0ebbb4204777d094375%40%3Cgitbox.hive.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rd575d9877424a2d8776f5c2ff33bf3dc3382cd83f031d483f29c11ab%40%3Cissues.hive.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rdbb99b43334b59d3d3478d360c87e3235ba22edb1de7d39019194347%40%3Cissues.hive.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rdce006b282e56c5cc73cdf452c51c5097154d0503396d62f48abbeae%40%3Cgitbox.hive.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rf458683390d6650b26a2c8ba8ad396e038e520ad1cc3f3f1e20514d9%40%3Cdev.hive.apache.org%3E cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T12:26:39.460Z

Reserved: 2020-05-21T00:00:00

Link: CVE-2018-21234

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-05-21T23:15:11.103

Modified: 2024-11-21T04:03:14.940

Link: CVE-2018-21234

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.