CVE-2013-1768: Remote arbitrary code execution

July 11, 2013 (updated April 19, 2018)

The BrokerFactory functionalitycreates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.

References

bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1768

Detect and mitigate CVE-2013-1768 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →