This issue covers following CVEs related to polymorphic deserialization, gadgets: * CVE-2018-14718: RCE with slf4j-ext jar * CVE-2018-14719: RCE with blaze-ds-opt, -core jars * CVE-2018-14720: exfiltration/XXE with only JDK classes (some JDK versions) * CVE-2018-14721: exfiltration/SSRF with axis2-jaxws Original vulnerability discoverer: 吴桂雄 Wuguixiong ----- Fixed in: * 2.9.7 and later * 2.8.11.3 * 2.7.9.5 * 2.6.7.3
This issue covers following CVEs related to polymorphic deserialization, gadgets:
Original vulnerability discoverer:
吴桂雄 Wuguixiong
Fixed in: