Vulnerabilities > CVE-2018-15890 - Deserialization of Untrusted Data vulnerability in Ethereum Ethereumj 1.8.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
An issue was discovered in EthereumJ 1.8.2. There is Unsafe Deserialization in ois.readObject in mine/Ethash.java and decoder.readObject in crypto/ECKey.java. When a node syncs and mines a new block, arbitrary OS commands can be run on the server.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |