Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
SofastackSofarpc

2 matches found

CVE
CVEadded 2024/01/23 5:22 p.m.61 views

CVE-2024-23636

SOFARPC (Java RPC framework) is vulnerable prior to version 5.12.0 due to a gadget chain that can bypass the Hessian blacklist used to restrict deserialization of potentially dangerous classes. The vulnerability is rooted in the Hessian-based deserialization thatCAN be manipulated by a gadget cha...

9.8CVSS9.6AI score0.00936EPSS
CVE
CVEadded 2023/09/12 7:57 p.m.40 views

CVE-2023-41331

Summary: CVE-2023-41331 affects SOFARPC, a Java RPC framework. Versions before 5.11.0 are vulnerable to remote command execution via deserialization, enabling JNDI injection or system command execution through crafted payloads. The default blacklist for dangerous classes is incomplete, allowing g...

9.8CVSS10AI score0.05192EPSS