CVE-2024-28211 - AskarLabs CVE Database

CVE-2024-28211

Weakness CWE-502 · Unsafe deserialization

Published March 7, 2024

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker.

Key dates

02Disclosure timeline

March 7, 2024 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-28211 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/502.html

Related vulnerabilities

04Related CVE

CVE-2024-54367 WordPress ForumWP plugin <= 2.1.0 - PHP Object Injection vulnerability CVE-2025-14922 Hugging Face Diffusers CogView4 Deserialization of Untrusted Data Remote Code Execution Vulnerability CVE-2024-27322 CVE-2025-13711 Tencent TFace eval Deserialization of Untrusted Data Remote Code Execution Vulnerability CVE-2025-67729 lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()