Exploit for Deserialization of Untrusted Data in Apache Activemq

CVE-2023-46604 Analysis Apache ActiveMQ CVE-2023-46604의 원인,...

activemq-openwire: OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack

A flaw was found in Apache ActiveMQ, specifically the OpenWire Module. This flaw may allow a remote malicious user to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol, causing the broker to instantiate any class on the classpath. This issue happens when...