Vulnerability Details CVE-2024-28213
nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.074
EPSS Ranking 91.3%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2024-28213
-
cpe:2.3:a:naver:ngrinder:3.0
-
cpe:2.3:a:naver:ngrinder:3.0.1
-
cpe:2.3:a:naver:ngrinder:3.0.2
-
cpe:2.3:a:naver:ngrinder:3.0.3
-
cpe:2.3:a:naver:ngrinder:3.0.4
-
cpe:2.3:a:naver:ngrinder:3.1
-
cpe:2.3:a:naver:ngrinder:3.1.1
-
cpe:2.3:a:naver:ngrinder:3.1.2
-
cpe:2.3:a:naver:ngrinder:3.1.3
-
cpe:2.3:a:naver:ngrinder:3.2
-
cpe:2.3:a:naver:ngrinder:3.2.1
-
cpe:2.3:a:naver:ngrinder:3.2.2
-
cpe:2.3:a:naver:ngrinder:3.2.3
-
cpe:2.3:a:naver:ngrinder:3.3
-
cpe:2.3:a:naver:ngrinder:3.4
-
cpe:2.3:a:naver:ngrinder:3.4.1
-
cpe:2.3:a:naver:ngrinder:3.4.2
-
cpe:2.3:a:naver:ngrinder:3.4.3
-
cpe:2.3:a:naver:ngrinder:3.4.4
-
cpe:2.3:a:naver:ngrinder:3.5.0
-
cpe:2.3:a:naver:ngrinder:3.5.1
-
cpe:2.3:a:naver:ngrinder:3.5.2
-
cpe:2.3:a:naver:ngrinder:3.5.3
-
cpe:2.3:a:naver:ngrinder:3.5.4
-
cpe:2.3:a:naver:ngrinder:3.5.5
-
cpe:2.3:a:naver:ngrinder:3.5.6
-
cpe:2.3:a:naver:ngrinder:3.5.7
-
cpe:2.3:a:naver:ngrinder:3.5.8