Conversation
buherator
buherator
Edited 27 days ago
[RSS] The Curious Case of CVE-2015-2551 & CVE-2019-9081 - Doom and Gloom! Or not.
https://jericho.blog/2025/03/30/the-curious-case-of-cve-2015-2551-cve-2019-9081-doom-and-gloom-or-not/
My guess here is both CVE's were for deserialization gadget chains (one in JRE, the other in Laravel) which can't be trivially categorized as vulnerabilities (classes do what they are supposed to, only dev decided to YOLO unrelated parts of their code).
https://jericho.blog/2025/03/30/the-curious-case-of-cve-2015-2551-cve-2019-9081-doom-and-gloom-or-not/
My guess here is both CVE's were for deserialization gadget chains (one in JRE, the other in Laravel) which can't be trivially categorized as vulnerabilities (classes do what they are supposed to, only dev decided to YOLO unrelated parts of their code).
1
0
3
