Java Code Execution via Serialized Objects in MATLAB Files


CVE-2016-6809 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Apache Tika before 1.14 allows Java code execution via serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO, which performs native Java deserialization of the embedded objects.
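As a defensive pre-parse screen, the following added example (not code from Apache Tika or JMatIO) walks the top-level data elements of a Level 5 MAT-file, inflates compressed elements, and flags any that carry Java's serialization stream header `AC ED 00 05`. It assumes the standard MAT v5 layout (128-byte header, 8-byte element tags); the function names and the sample file are constructed for illustration, and a match is a heuristic signal, not proof of a malicious object.

```python
import struct
import zlib

JAVA_STREAM_MAGIC = b"\xac\xed\x00\x05"  # java.io STREAM_MAGIC + STREAM_VERSION
MI_MATRIX, MI_COMPRESSED = 14, 15        # MAT v5 data type codes
MAX_INFLATE = 64 * 1024 * 1024           # cap output to resist zlib bombs


def find_java_serialization(mat_bytes):
    """Return [(offset, was_compressed), ...] for each top-level MAT v5
    element whose (inflated) body contains a Java serialization header."""
    endian = {b"IM": "<", b"MI": ">"}.get(mat_bytes[126:128])
    if len(mat_bytes) < 128 or endian is None:
        raise ValueError("not a Level 5 MAT-file")
    hits, pos = [], 128                  # elements follow the 128-byte header
    while pos + 8 <= len(mat_bytes):
        dtype, nbytes = struct.unpack_from(endian + "II", mat_bytes, pos)
        if dtype >> 16:                  # small-element form: 8 bytes in total
            pos += 8
            continue
        body = mat_bytes[pos + 8:pos + 8 + nbytes]
        compressed = dtype == MI_COMPRESSED
        if compressed:
            try:
                body = zlib.decompressobj().decompress(body, MAX_INFLATE)
            except zlib.error:
                body = b""               # undecodable: nothing to search
        if JAVA_STREAM_MAGIC in body:
            hits.append((pos, compressed))
        # Uncompressed elements are padded to 8 bytes; compressed ones are not.
        pos += 8 + (nbytes if compressed else (nbytes + 7) & ~7)
    return hits


def build_sample(with_java=True):
    """Constructed sample, little-endian; not a real MATLAB export."""
    def element(dtype, body):
        return struct.pack("<II", dtype, len(body)) + body
    header = (b"MATLAB 5.0 MAT-file".ljust(116) + bytes(8)
              + struct.pack("<H", 0x0100) + b"IM")
    out = header + element(MI_MATRIX, bytes(8))
    if with_java:
        blob = element(MI_MATRIX, JAVA_STREAM_MAGIC + b"\x73\x72\x00\x00")
        out += blob + element(MI_COMPRESSED, zlib.compress(blob))
    return out


if __name__ == "__main__":
    print(find_java_serialization(build_sample()))
```

A plain byte search over the raw file would miss the second hit in the sample, because that element is zlib-compressed on disk.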
