Vulnerabilities > Nuxeo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-06 | CVE-2013-4521 | Deserialization of Untrusted Data vulnerability in Nuxeo 5.6.0/5.8.0 RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. | 7.5 |
| 2017-03-24 | CVE-2017-5869 | Path Traversal vulnerability in Nuxeo Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. | 6.5 |