Description
A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, an attacker can craft a malicious payload that, when deserialized, allows arbitrary code to be executed. This occurs because Nippy automatically falls back to the Java Serializable interface when thawing data.
Remediation
References
https://github.com/ptaoussanis/nippy/issues/130