Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2025/05/23 3:38 a.m.9 views

CVE-2023-45146

XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...

10CVSS8.3AI score0.01046EPSS
Exploits0
vulnersosv
vulnersosv
added 2024/08/05 9:29 p.m.11 views

cn.centychen:xxl-job-spring-boot-starter (>=1.0.0-RELEASE <=1.0.1-RELEASE), cn.com.365trade.oss:xxl-job-admin (>=2.2.1.1_zzlh <=2.2.1_zzlh) +31 more potentially affected by CVE-2023-45146 via com.xuxueli:xxl-rpc-core (>=1.2.0 <=1.6.0)

com.xuxueli:xxl-rpc-core MAVEN version =1.2.0, =1.0.0-RELEASE, =2.2.1.1zzlh, =2.2.1.1zzlh, =1.1.1, =2.1.1-RELEASE, =0.0.1, =0.0.1, =2.0.4, =2.0.4, =0.0.1, =2.0.5 and more Source cves: CVE-2023-45146 Source advisory: OSV:GHSA-F984-3WX8-GRP9...

10CVSS7.2AI score0.01046EPSS
Exploits0
vulnrichment
vulnrichment
added 2023/10/18 9:56 p.m.20 views

CVE-2023-45146 Remote code execution in XXL-RPC

XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...

9CVSS8.2AI score0.01046EPSS
Exploits0References1
cve
cve
added 2023/10/18 9:56 p.m.104 views

CVE-2023-45146

CVE-2023-45146 affects XXL-RPC’s Netty-based TCP server using Hessian serialization. The root cause is insecure deserialization of untrusted objects, allowing an attacker to remotely supply malicious serialized data that, when deserialized, leads to arbitrary code execution and full machine takeo...

10CVSS9.8AI score0.01046EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder