nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.ngrinder:ngrinder-core(Maven) | 0 | 3.5.9 | N/A |
CVSS Metrics
