Vulnerabilities > Apache > Mina
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-25 | CVE-2024-52046 | Deserialization of Untrusted Data vulnerability in Apache Mina The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. | 9.8 |
| 2021-11-01 | CVE-2021-41973 | Infinite Loop vulnerability in multiple products In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. | 6.5 |
| 2019-10-01 | CVE-2019-0231 | Cleartext Transmission of Sensitive Information vulnerability in Apache Mina 2.0.20/2.1.1 Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. | 7.5 |