Loading...

Log In
Closed

XML

Word

Printable

Type: Bug Report
Resolution: Fixed
Priority: L2 - Critical
Fix Version/s: None
Affects Version/s: 7.15.0-alpha1, 7.15.0
Component/s: camunda.org, engine
Labels:
None

When analyzing the violations through OWASP, it turned out that the latest version of Camunda uses the MyBatis version, which mishandles deserialization of object streams.

Published Vulnerabilities:

https://nvd.nist.gov/vuln/detail/CVE-2020-26945

Assignee:: Tobias Metzke-Bernstein
Reporter:: Jakub Przybyła
Votes:: 0 Vote for this issue
Watchers:: 2 Start watching this issue

Created:: 27/Nov/20 10:57 AM
Updated:: 30/Nov/20 8:54 AM
Resolved:: 30/Nov/20 8:54 AM

Details

Description

Attachments

Activity

People

Dates

Salesforce