Deserialization Of Untrusted Data
Apache MINA is vulnerable to deserialization of untrusted data. The vulnerability is due to missing class validation in the AbstractIoBuffer.resolveClass method, which bypasses the classname allowlist and allows an attacker to execute arbitrary code via crafted serialized input...