I use GWT and JPA for persistence. I have created domain JPA enchanted classes, DAOs and RPC for communication between them. Everything works fine: through RPC the client sends the object to the server, but it could not get a response. The server cannot deserialize in a way compatible with the client side, so I cannot use the server callBack back to the client. The exception message is this:
Note that this is not the only URL that works. Please refer to -2022-43939 for more details on the regex in use and other potential ways CVE-2022-43939 could work, as URLs such as :8080/pentaho/api/ldap/config/ldapTreeNodeChildren/requireAjs?url=%23T(java.lang.Runtime).getRuntime().exec('notepad.exe')&mgrDn=a&pwd=a could also be used to exploit this vulnerability as an unauthenticated user.