XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once deserialized, force it to execute arbitrary code. This can be abused to take control of the machine the server is running by way of remote code execution. This issue has not been fixed.
References
Link | Resource |
---|---|
https://securitylab.github.com/advisories/GHSL-2023-052_XXL-RPC/ | Product Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-10-18T21:56:55.614Z
Updated: 2023-10-18T21:56:55.614Z
Reserved: 2023-10-04T16:02:46.330Z
Link: CVE-2023-45146
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-10-18T22:15:09.323
Modified: 2023-10-30T14:14:07.753
Link: CVE-2023-45146
JSON object: View
Redhat Information
No data.
CWE