PT-2024-14172 · Apache · Apache James
Name of the Vulnerable Software and Affected Versions: Apache James versions prior to 3.7.5 and 3.8.0 Description: The issue concerns the exposure of a JMX endpoint on localhost, which is subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadget, this could b...