The EjbObjectInputStream class in Apache TomEE prior to 1.7.4 and 7.x prior to 7.0.0-M3 allows remote malicious users to execute arbitrary code via a crafted serialized object.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache tomee |
||
apache tomee 7.0.0 |