CVE-2013-2165: Deserialization of Untrusted Data

July 23, 2013 (updated June 12, 2017)

ResourceBuilderImpl.java does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data.

Code Behaviors & Features

Detect and mitigate CVE-2013-2165 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →