fabric-sdk-java has ObjectInputStream.readObject() without ObjectInputFilter, which allows Java deserialization RCE

Critical severity • GitHub Reviewed • Published Apr 22, 2026 in hyperledger/fabric • Updated Apr 29, 2026
