cwm1123

1 exploit Active since Mar 2025
CVE-2025-31129 NOMISEC HIGH WORKING POC
jooby-pac4j < 2.17.0 and 3.0.0.M1-3.6.1 - Deserialization of Untrusted Data in SessionStoreImpl
Jooby is a web framework for Java and Kotlin. The pac4j io.jooby.internal.pac4j.SessionStoreImpl#get module deserializes untrusted data. This vulnerability is fixed in 2.17.0 (2.x) and 3.7.0 (3.x).
CVSS 8.8