Taoensso Nippy Deserialization Vulnerability

Taoensso Nippy Deserialization Vulnerability

CVE-2020-24164 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java Serializable interface.

Learn more about our Web Application Penetration Testing UK.