Nixpkgs security tracker
6.3 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): Low (L)
- Integrity (I): Low (L)
- Availability (A): Low (L)
- Exploit Code Maturity (E): Proof-of-Concept (P)
- Remediation Level (RL): Not Defined (X)
- Report Confidence (RC): Reasonable (R)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): Low (L)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): Low (L)
- Modified Availability (MA): Low (L)
by @LeSuisse Activity log
- Created suggestion
-
@LeSuisse
ignored
11 packages
- libsForQt5.kactivities
- plasma5Packages.kactivities
- libsForQt5.kactivities-stats
- kdePackages.plasma-activities
- gnomeExtensions.auto-activities
- gnomeExtensions.logo-activities
- plasma5Packages.kactivities-stats
- kdePackages.plasma-activities-stats
- gnomeExtensions.hide-activities-button
- gnomeExtensions.middle-click-activities
- gnomeExtensions.double-click-activities-to-app-grid
- @LeSuisse dismissed
Alfresco Activiti Process Variable Serialization System SerializableType.java createObjectInputStream deserialization
A flaw has been found in Alfresco Activiti up to 7.19/8.8.0. Affected by this issue is the function deserialize/createObjectInputStream of the file activiti-core/activiti-engine/src/main/java/org/activiti/engine/impl/variable/SerializableType.java of the component Process Variable Serialization System. This manipulation causes deserialization. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
-
-
Submit #768942 | Activiti <=7.20 or < 8.8.0 Deserialization third-party-advisory
-
Affected products
- ==8.0
- ==7.10
- ==7.17
- ==7.15
- ==8.6
- ==7.9
- ==7.1
- ==8.3
- ==7.4
- ==8.8.0
- ==8.7
- ==7.8
- ==7.14
- ==7.11
- ==7.16
- ==8.5
- ==7.19
- ==7.0
- ==7.12
- ==7.18
- ==7.13
- ==7.3
- ==8.4
- ==7.5
- ==8.2
- ==7.2
- ==8.1
- ==7.7
- ==7.6
Ignored packages (11)
pkgs.libsForQt5.kactivities
None
pkgs.plasma5Packages.kactivities
None
pkgs.libsForQt5.kactivities-stats
None
pkgs.kdePackages.plasma-activities
Core components for the KDE's Activities System
pkgs.gnomeExtensions.auto-activities
Show activities overview when there are no windows, or hide it when there are new windows.
pkgs.gnomeExtensions.logo-activities
Show icon and label for panel Activities.
pkgs.plasma5Packages.kactivities-stats
None
pkgs.kdePackages.plasma-activities-stats
A library for accessing the usage data collected by the activities system.
pkgs.gnomeExtensions.middle-click-activities
Opens Activities Overview on middle mouse button click in top bar
pkgs.gnomeExtensions.double-click-activities-to-app-grid
Open the application grid by double clicking the activities button similarly to the super key.