Full Disclosure mailing list archives

Re: SmartBear SoapUI - Remote Code Execution via Deserialization


From: Harrison Neal <hneal () whatdidibreak com>
Date: Sat, 07 Oct 2017 16:12:36 +0000

For users of the "next" branch, if you've built the project since Feb 3rd,
you're probably safe (RMI/Cajo disabled and libraries updated):

https://github.com/SmartBear/soapui/commit/42af23fb46d81b4c2121193b9eca9c5fd15f5b6a

https://github.com/SmartBear/soapui/commit/0562c0f1357c526711eabf1a87dfb5622f92a721

-HN

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

