Java Serialized Object Deserialization Vulnerability in Buck Parser-Cache Command

CVE-2018-6331 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Buck's parser-cache command loads and saves its state as a Java serialized object. If the state information is maliciously crafted, deserializing it could lead to code execution. This issue affects Buck versions prior to v2018.06.25.01.
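One way to harden a state loader of this kind, shown as an added example that is not Buck's code or its actual fix: a deserialization filter (Java 9+) that allow-lists the classes expected in the state file. `SafeStateLoader`, `CacheState`, the allow-list and the limits are hypothetical, and the sample inputs are constructed.

```java
import java.io.*;
import java.io.ObjectInputFilter.Status;
import java.util.Date;
import java.util.Set;
public class SafeStateLoader {
    // Hypothetical state class standing in for the cached parser state.
    static final class CacheState implements Serializable {
        private static final long serialVersionUID = 1L;
        final String projectRoot;
        final long savedAtMillis;
        CacheState(String root, long at) { projectRoot = root; savedAtMillis = at; }
    }
    // Only these classes may appear in a state file (assumed allow-list).
    private static final Set<Class<?>> ALLOWED_CLASSES = Set.of(CacheState.class, String.class);

    // Runs before an object of a class is instantiated; also bounds depth, references and size.
    static final ObjectInputFilter STATE_FILTER = info -> {
        if (info.depth() > 8 || info.references() > 1_000 || info.streamBytes() > 1_048_576) {
            return Status.REJECTED;
        }
        Class<?> c = info.serialClass();
        if (c == null) return Status.UNDECIDED; // callback without a class (e.g. back-reference)
        return ALLOWED_CLASSES.contains(c) ? Status.ALLOWED : Status.REJECTED;
    };

    static CacheState load(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(STATE_FILTER); // must be set before readObject()
            return (CacheState) in.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: one expected state object, one unexpected class.
        CacheState ok = load(serialize(new CacheState("/repo", 1L)));
        System.out.println("loaded state for " + ok.projectRoot);
        try {
            load(serialize(new Date()));
        } catch (InvalidClassException e) {
            System.out.println("rejected unexpected class: " + e.getMessage());
        }
    }
}
```

The filter rejects the stream as soon as a class descriptor outside the allow-list is read, so no object of an unexpected type is constructed from untrusted state.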
