Deserialization Vulnerability in JD-GUI Affects Java Decompiler by Java Decompiler
CVE-2023-26234

9.8CRITICAL

Key Information:

Vendor: Jd-gui Project
Status: Jd-gui
Vendor: CVE Published:; 21 February 2023

🔔 Create Jd-gui Project Vulnerability Alert

What is CVE-2023-26234?

The JD-GUI application version 1.6.6 is affected by a deserialization vulnerability that can be exploited through the UIMainWindowPreferencesProvider.singleInstance component. When an attacker manipulates serialized data sent to this component, it may lead to unauthorized code execution or other adverse impacts on the application. Users of JD-GUI are advised to update to a secure version to mitigate the risk associated with this vulnerability.

References

https://github.com/java-decompiler/jd-gui/issues/415

https://github.com/java-decompiler/jd-gui/pull/417

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 21, 2023
Vulnerability Reserved
Feb 20, 2023

JSON