CVE Published: 11/02/2022
CVE Updated: 03/08/2024
CVE Year: 2022
Source: apache
Vendor: Apache Software Foundation
Product: Apache Cayenne
Status: PUBLISHED
CVE-2022-24289 Description
Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence (ROP) feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications. In Apache Cayenne 4.1 and earlier, running on non-current patch versions of Java, an attacker with client access to Cayenne ROP can transmit a malicious payload to any vulnerable third-party dependency on the server. This can result in arbitrary code execution.