GitHub

software-engineering-and-security/gadgetbuilder

For more information, we refer to the reference publication. If you are overwhelmed by the fragment construction (trampoline + chain + sinkadapter), do not worry! We set default values (here) for ...
CSOonline

Critical deserialization bugs in Adobe, Oracle software actively exploited, warns CISA

CISA is warning Adobe and Oracle customers about in-the-wild exploitation of critical vulnerabilities affecting the services of these leading enterprise software providers. The US cybersecurity ...
Hacker

Sound Call Graph Construction for Java Object Deserialization: Background

We publish the best academic work (that's too often lost to peer reviews & the TA's desk) to the global tech community byEScholar: Electronic Academic Papers for Scholars@escholar byEScholar: ...
Security Boulevard

Relution Remote Code Execution via Java Deserialization Vulnerability

In this article we discuss a recent deserialization vulnerability we found in Relution (CVE-2023-48178), a mobile device management product that is popular among multinational German corporations. CVE ...
theregister

Warning over Java libraries and deserialization security weaknesses

Boffins at universities in France, Germany, Luxembourg, and Sweden took a deep dive into known Java deserialization vulnerabilities, and have now resurfaced with their findings. In short, they've ...