CVE-2014-9515

Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object.

Date published : 2017-12-29

http://www.securityfocus.com/bid/107970

https://github.com/DozerMapper/dozer/issues/217