CVE-2023-26234

JD-GUI 1.6.6 allows deserialization via UIMainWindowPreferencesProvider.singleInstance.

CVSS v3.0 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

References

Link	Resource
https://github.com/java-decompiler/jd-gui/issues/415	Exploit Issue Tracking
https://github.com/java-decompiler/jd-gui/pull/417	Exploit Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:jd-gui_project:jd-gui:1.6.6:*:*:*:*:*:*:*

Information

Published : 2023-02-20 16:15

Updated : 2023-03-02 09:12

NVD link : CVE-2023-26234

Mitre link : CVE-2023-26234

JSON object : View

CWE

CWE-502

Deserialization of Untrusted Data

Products Affected

jd-gui_project