CVE-2014-9515
Published
CVSS v3
9.8
CRITICAL
CVSS v2
7.5
HIGH
Affected
2
PROJECTS
Description
Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object.
Dozer is a Java Bean to Java Bean mapper that recursively copies data from one object to another.
GitHub