Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe Serialization

2024-12-27 06:46

The Apache Software Foundation (ASF) has released patches to address a maximum severity vulnerability in the MINA Java network application framework that could result in remote code execution under specific conditions. Tracked as CVE-2024-52046, the vulnerability carries a CVSS score of 10.0. It affects versions 2.0.X, 2.1.X, and 2.2.X. "The ObjectSerializationDecoder in Apache MINA uses Java's

News URL

https://thehackernews.com/2024/12/apache-mina-cve-2024-52046-cvss-100.html

#apache #CVE #CVS #cvss #RCE #CVE-2024-52046

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2024-12-25	CVE-2024-52046	Deserialization of Untrusted Data vulnerability in Apache Mina The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. network low complexity apache CWE-502 critical	9.8

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Apache		283	13	567	724	379	1683

News URL

Related news

Related Vulnerability

Related vendor