
Rewterz Threat Advisory – CVE-2021-41616 – Apache DdlUtils Vulnerability

Severity

High

Analysis Summary

CVE-2021-41616

Apache DdlUtils could allow a remote attacker to execute arbitrary code on the system. The cause is unsafe deserialization: the BinaryObjectsHelper class calls ObjectInputStream.readObject on its input. An attacker could exploit this vulnerability by sending specially crafted input.
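The flaw class described above, shown as an added example that is not DdlUtils code and not taken from the advisory: an unfiltered `readObject` call beside one restricted by an allow-list `ObjectInputFilter` (Java 9 or later). The class name `FilteredDeserialize`, its method names, the allow-list and the sample inputs are assumptions made for illustration.

```java
import java.io.*;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;

public class FilteredDeserialize {
    // Hypothetical allow-list: only the classes the caller expects, plus size limits.
    // The trailing "!*" rejects every class not matched earlier in the pattern.
    private static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
        "java.lang.*;java.util.ArrayList;maxdepth=5;maxrefs=1000;maxbytes=65536;!*");

    // Unfiltered pattern: readObject() will instantiate any Serializable class
    // on the classpath that the stream names.
    static Object unsafeDeserialize(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject();
        }
    }

    // Hardened pattern: the filter is consulted for every class before it is
    // instantiated; a rejected class aborts the read with InvalidClassException.
    static Object safeDeserialize(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(FILTER);
            return in.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: one expected type, one type outside the allow-list.
        byte[] expected = serialize(new ArrayList<>(Arrays.asList(1, "two", 3L)));
        byte[] unexpected = serialize(new HashMap<String, String>());

        System.out.println("allowed:  " + safeDeserialize(expected));
        try {
            safeDeserialize(unexpected);
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```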

Impact

  • Code Execution

Affected Vendors

Apache

Affected Products

  • Apache DdlUtils 1.0

Remediation

Upgrade to the latest version of DdlUtils, available from the Apache website.

http://db.apache.org/ddlutils/