cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-39913,https://securityvulnerability.io/vulnerability/CVE-2023-39913,"Apache UIMA Java SDK Core, Apache UIMA Java SDK CPE, Apache UIMA Java SDK Vinci adapter, Apache UIMA Java SDK tools: Potential untrusted code execution when deserializing certain binary CAS formats","The Apache UIMA Java SDK is vulnerable to a deserialization of untrusted data issue due to improper input validation during the deserialization of Java objects. This vulnerability affects various components including the CAS serialization utilities and the CAS Editor Eclipse plugin. When serialized data is deserialized, there is no verification, potentially allowing for arbitrary code execution, especially in deployed services using the Vinci Analysis Engine. Users are encouraged to upgrade to version 3.5.0, which incorporates enhanced input validation measures and restricts the deserialization process to safer practices. For optimum security, it is also recommended to run UIMA under Java 9+, allowing configuration of ObjectInputFilters to further restrict deserialization behavior.",Apache,"Apache Uima Java Sdk Core,Apache Uima Java Sdk Cpe,Apache Uima Java Sdk Vinci Adapter,Apache Uima Java Sdk Tools",8.8,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2023-11-08T08:15:00.000Z,0