Details
-
Bug Report
-
Resolution: Fixed
-
L2 - Critical
-
None
-
7.15.0-alpha1, 7.15.0
-
None
Description
When analyzing the violations through OWASP, it turned out that the latest version of Camunda uses the MyBatis version, which mishandles deserialization of object streams.
Published Vulnerabilities: