MessagePack for Java security vulnerability
MessagePack for Java is a serializer from the open-source MessagePack project. Versions prior to 0.9.11 contain a security vulnerability: the payload length is not limited during deserialization, which could result in a denial of service...
SUSE CVE-2023-38647
An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. This unbounded deserialization can likely lead to remote code execution. The code can be run...
Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.8.3 for Spring Boot security update.
Red Hat build of Apache Camel 4.8.3 for Spring Boot release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...
CVE-2024-52046 Apache MINA: MINA applications using unbounded deserialization may allow RCE
The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending specially crafted malicious...
Critical: Red Hat Security Advisory: jboss-amq-6-amq63-openshift-container security update
An update for jboss-amq-6-amq63-openshift-container is now available for RHEL-7 based Middleware Containers. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
CVE-2023-46604 Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to caus...