Midv-679 [better] Jun 2026

The vulnerability is present only when the optional feature is turned on (default = enabled ).

The deserialization process invokes the class, which will execute any gadget chain present in the serialized payload. The code base ships with a vulnerable version of commons‑collections that includes the well‑known InvokerTransformer → TemplatesImpl gadget, allowing an attacker to execute arbitrary bytecode. MIDV-679

Apply augmentations to both image and quadrilateral annotations (albumentations supports keypoints or polygons). The vulnerability is present only when the optional

alert tcp $EXTERNAL_NET any -> $HOME_NET 8443 (msg:"MIDV-679 - Java serialized object upload attempt"; \ flow:to_server,established; \ content:"POST"; http_method; \ content:"/api/v1/metadata/import"; http_uri; \ content:"application/x-java-serialized-object"; http_content_type; \ classtype:attempted-admin; sid:2026001; rev:1;) ) Let's get started!

Let's get started!