CVE-2023-31890

CRITICAL

glazedlists <1.11.0 - Code Injection

Title source: llm

Description

An XML Deserialization vulnerability in glazedlists v1.11.0 allows an attacker to execute arbitrary code via the BeanXMLByteCoder.decode() parameter.

References (1)

Scores

CVSS v3 9.8
EPSS 0.0017
EPSS Percentile 37.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-502
Status published

Affected Products (2)

glazedlists/glazed_lists
com.glazedlists/glazedlists Maven

Timeline

Published May 16, 2023
Tracked Since Feb 18, 2026