25 matches found
EUVD-2023-1767
Malicious code in bioql PyPI...
EUVD-2024-2573
Malicious code in bioql PyPI...
CVE-2023-45146
XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...
CVE-2023-33496
xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerability via the component com.xxl.rpc.core.remoting.net.impl.netty.codec.NettyDecodedecode...
GHSA-F984-3WX8-GRP9 XXL-RPC Deserialization of Untrusted Data vulnerability
XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...
XXL-RPC Deserialization of Untrusted Data vulnerability
XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...
CVE-2023-45146
XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...
Remote code execution
XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...
CVE-2023-45146 Remote code execution in XXL-RPC
XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...
CVE-2023-45146 Remote code execution in XXL-RPC
XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...
CVE-2023-45146
CVE-2023-45146 affects XXL-RPC’s Netty-based TCP server using Hessian serialization. The root cause is insecure deserialization of untrusted objects, allowing an attacker to remotely supply malicious serialized data that, when deserialized, leads to arbitrary code execution and full machine takeo...
CVE-2023-45146 Remote code execution in XXL-RPC
XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...
Remote Code Execution (RCE)
xxl-rpc-core is vulnerable to Remote Code Execution. The vulnerability exists because the server and client will invoke the pre-configured serialization processor for deserialization in the decode function of NettyDecoder.java without input validation, leading to remote code execution...
cn.centychen:xxl-job-spring-boot-starter (>=1.0.0-RELEASE <=1.0.1-RELEASE), cn.com.365trade.oss:xxl-job-admin (>=2.2.1.1_zzlh <=2.2.1_zzlh) +31 more potentially affected by CVE-2023-33496 via com.xuxueli:xxl-rpc-core (>=1.2.0 <=1.6.0)
com.xuxueli:xxl-rpc-core MAVEN version =1.2.0, =1.0.0-RELEASE, =2.2.1.1zzlh, =2.2.1.1zzlh, =1.1.1, =2.1.1-RELEASE, =0.0.1, =0.0.1, =2.0.4, =2.0.4, =0.0.1, =2.0.5 and more Source cves: CVE-2023-33496 Source advisory: OSV:GHSA-C29G-Q3H3-MWCF...
xxl-rpc deserialization vulnerability
xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerability via the component com.xxl.rpc.core.remoting.net.impl.netty.codec.NettyDecodedecode...
GHSA-C29G-Q3H3-MWCF xxl-rpc deserialization vulnerability
xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerability via the component com.xxl.rpc.core.remoting.net.impl.netty.codec.NettyDecodedecode...
CVE-2023-33496
xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerability via the component com.xxl.rpc.core.remoting.net.impl.netty.codec.NettyDecodedecode...
CVE-2023-33496
xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerability via the component com.xxl.rpc.core.remoting.net.impl.netty.codec.NettyDecodedecode...
CVE-2023-33496
xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerability via the component com.xxl.rpc.core.remoting.net.impl.netty.codec.NettyDecodedecode...
Deserialization of untrusted data
xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerability via the component com.xxl.rpc.core.remoting.net.impl.netty.codec.NettyDecodedecode...