Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9515
Reference(s):
- BID:107970 (URL: http://www.securityfocus.com/bid/107970)
- https://github.com/DozerMapper/dozer/issues/217
- https://github.com/DozerMapper/dozer/issues/410

