14 matches found
EUVD-2022-0952
Malicious code in bioql PyPI...
CVE-2023-45146
XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...
CVE-2022-24289
Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence ROP feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications. In Apache Cayenne 4.1 and...
Insecure Deserialization
com.xuxueli, xxl-rpc-core is vulnerable to Insecure Deserialization. The vulnerability is caused due to a missing validation while deserializing the user supplied data when a TCP server is set up using the Netty framework and the Hessian serialization mechanism. Attackers can abuse this to take...
XXL-RPC Deserialization of Untrusted Data vulnerability
XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...
GHSA-F984-3WX8-GRP9 XXL-RPC Deserialization of Untrusted Data vulnerability
XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...
CVE-2023-45146
XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...
Remote code execution
XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...
CVE-2023-45146
CVE-2023-45146 affects XXL-RPC’s Netty-based TCP server using Hessian serialization. The root cause is insecure deserialization of untrusted objects, allowing an attacker to remotely supply malicious serialized data that, when deserialized, leads to arbitrary code execution and full machine takeo...
CVE-2023-45146 Remote code execution in XXL-RPC
XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...
GHSA-C58C-W527-H77P Deserialization of untrusted data in Apache Cayenne
Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence ROP feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications. In Apache Cayenne 4.1 and...
CVE-2022-24289
Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence ROP feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications. In Apache Cayenne 4.1 and...
CVE-2022-24289
Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence ROP feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications. In Apache Cayenne 4.1 and...
Code injection
Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence ROP feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications. In Apache Cayenne 4.1 and...