← Back

Taoensso

taoensso

2 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Sente
sente
1 CVE
Nippy
nippy
1 CVE

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-24164
1Taoensso
1Nippy
Jun 17, 2026
Sep 11, 2020
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. Th...Show more
A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java Serializable interface.Show less
CVE-2019-1000022
1Taoensso
1Sente
Jun 17, 2026
Feb 4, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Taoensso Sente version Prior to version 1.14.0 contains a Cross Site Request Forgery (CSRF) vulnerability in WebSocket handshake endpoint that can result in CSRF attack, possible leak of anti-CSRF token. This attack appe...Show more
Taoensso Sente version Prior to version 1.14.0 contains a Cross Site Request Forgery (CSRF) vulnerability in WebSocket handshake endpoint that can result in CSRF attack, possible leak of anti-CSRF token. This attack appears to be exploitable via malicious request against WebSocket handshake endpoint. This vulnerability appears to have been fixed in 1.14.0 and later.Show less