Vendor

Hyperledger

1 brief RSS

Hyperledger Fabric SDK Java Deserialization RCE

The deprecated fabric-sdk-java client SDK is vulnerable to Java deserialization RCE due to the use of ObjectInputStream.readObject() without an ObjectInputFilter in Channel.java, allowing remote code execution if an attacker can supply crafted serialized Channel bytes to the client application.

fabric-sdk-java deserialization rce java

2r 1t 5d ago