CVE-2024-28213: nGrinder vulnerable to unsafe Java objects deserialization

March 7, 2024

nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization.

References

cve.naver.com/detail/cve-2024-28213.html
github.com/advisories/GHSA-j7jm-8gf5-frcm
github.com/naver/ngrinder
github.com/naver/ngrinder/commit/85efa4a075354e077a700262ef78e2e9119881bf
nvd.nist.gov/vuln/detail/CVE-2024-28213

Code Behaviors & Features

Detect and mitigate CVE-2024-28213 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →