CVE-2018-8013 in Rapid Planninginformación

Resumen (Inglés)

In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservar

2018-03-09

Estado

Confirmado

Voces

VulDB provides additional information and datapoints for this CVE:

Fuentes

• MITRE
• NVD
• CVE Details