Years-Old, Unpatched GWT Vuln Leaves Apps Open to Server-Side RCE

Although the unauthenticated Java deserialization flaw has been known since 2015, GWT apps remain vulnerable to malicious server-side code execution, new research says.

https://www.darkreading.com/cloud-security/unpatched-gwt-vuln-leaves-apps-open-server-side-rce