OESA-2026-2244 apache-mina security update

Apache MINA is a network application framework which helps users develop high performance and high scalability network applications easily. It provides an abstract event-driven asynchronous API over various transports such as TCP/IP and UDP/IP via Java NIO. Security Fixes: The fix for...

OESA-2026-2243 apache-mina security update

Apache MINA is a network application framework which helps users develop high performance and high scalability network applications easily. It provides an abstract event-driven asynchronous API over various transports such as TCP/IP and UDP/IP via Java NIO. Security Fixes: The fix for...

UBUNTU-CVE-2026-42778

The fix for CVE-2026-41409 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a stat...

PT-2026-36314

Name of the Vulnerable Software and Affected Versions Apache MINA affected versions not specified Description An issue in the deserialization mechanism of the Apache MINA Java network application framework could allow a remote attacker to impact the confidentiality, integrity, and availability of...

au.com.versent.jenkins.plugins:ignore-committer-strategy (>=37.v0d3157c4a_ef8 <=57.v0756db_b_f6926), be.mogo.iam:mogo-provisioning (>=1.0.1.RELEASE <=1.1.7.RELEASE) +898 more potentially affected by CVE-2024-52046 +1 more via org.apache.mina:mina-core (>=2.0.0 <=2.0.27)

org.apache.mina:mina-core MAVEN version =2.0.0, =37.v0d3157c4aef8, =1.0.1.RELEASE, =1.1.8.RELEASE, =1.1.5.RELEASE, =1.0.0.RELEASE, =1.0.0.RELEASE, =1.0.0.RELEASE, =1.0.2.RELEASE, =2.0.0, =1.0.7, =1.1.6, =1.1.0, =1.0.0, =1.1.0, =5.1.3 and more Source cves: CVE-2024-52046,...

DEBIAN-CVE-2026-41409

The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in a class to be read might already have been executed. Affected versions are Apache MINA 2.0.0 =...

CVE-2026-41409

The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in a class to be read might already have been executed. Affected versions are Apache MINA 2.0.0 =...

EUVD-2026-25809

The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in a class to be read might already have been executed. Affected versions are Apache MINA 2.0.0 =...

Linux Distros Unpatched Vulnerability : CVE-2024-52046

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ObjectSerializationDecoder in Apache MINA uses Java's native deserialization protocol to process incoming serialized data but lacks the necessary security...

Security Bulletin: Due to use of mina-core IBM My webMethods Server is vulnerable to Insecure Java Deserilization

Summary IBM My webMethods Server includes mina-core as part of its OSGi platform, which is affected by a known vulnerability CVE-2024-52046. This security bulletin provides guidance on addressing the vulnerability. Vulnerability Details CVEID:CVE-2024-52046 DESCRIPTION: The...

Security Bulletin: Due to the Use Apache MINA Core, IBM App Connect Professional is vulnerable to Remote Code Execution

Summary Apache MINA Core is used by IBM App Connect Professional CVE-2024-52046 Vulnerability Details CVEID:CVE-2024-52046 DESCRIPTION: The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security...

Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe Serialization

The Apache Software Foundation ASF has released patches to address a maximum severity vulnerability in the MINA Java network application framework that could result in remote code execution under specific conditions. Tracked as CVE-2024-52046 , the vulnerability carries a CVSS score of 10.0. It...

be.mogo.iam:mogo-provisioning (>=1.0.1.RELEASE <=1.1.7.RELEASE), be.personify.iam:personify-provisioning (>=1.1.8.RELEASE <=1.3.0.RELEASE) +1101 more potentially affected by CVE-2024-52046 via org.apache.mina:mina-core (>=2.0.0-M1 <=2.0.26)

org.apache.mina:mina-core MAVEN version =2.0.0-M1, =1.0.1.RELEASE, =1.1.8.RELEASE, =1.1.5.RELEASE, =2.7.4.0, =1.0.0.RELEASE, =1.0.0.RELEASE, =1.0.0.RELEASE, =1.0.2.RELEASE, =1.0.3.RELEASE - cn.javaboot:nacos-address =1.4.1 - cn.javaboot:nacos-console =1.4.1 - cn.javaboot:nacos-distribution =1.4.1...

CVE-2024-52046

The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending specially crafted malicious...

CVE-2024-52046 vulnerabilities

Vulnerabilities for packages: jenkins, apache-nifi...

CVE-2024-52046

The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending specially crafted malicious...

CVE-2024-52046 Apache MINA: MINA applications using unbounded deserialization may allow RCE

The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending specially crafted malicious...

CVE-2024-52046

creationtimestamp| type| source ---|---|--- 2024-12-25 04:11:33+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3le43qfwqvm24 2024-12-25 10:08:27+00:00| seen| https://infosec.exchange/users/cve/statuses/113712909971845242 2024-12-25 10:15:24+00:00| seen|...