Apache UIMA Java SDK Deserialization of Untrusted Data, Improper Input Validation vulnerability
Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK. This issue affects Apache UIMA Java SDK before 3.5.0. Users are recommended to upgrade to version 3.5.0, which fixes the issue. There are several locations in the code where serialized Java objects are deserialized without verifying the data. This affects in particular: the deserialization of a Java-serialized CAS, but also other binary CAS formats that include TSI …