CVE-2023-45146

CRITICAL

9.0

Descricao

XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once deserialized, force it to execute arbitrary code. This can be abused to take control of the machine the server is running by way of remote code execution. This issue has not been fixed.

Detalhes CVE

Pontuacao CVSS v3.19.0

SeveridadeCRITICAL

Vetor CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeHIGH

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado10/18/2023

Ultima modificacao11/21/2024

Fontenvd

Avistamentos honeypot0

Produtos afetados

xxl-rpc_project:xxl-rpc

Fraquezas (CWE)

CWE-502CWE-502

Referencias

https://securitylab.github.com/advisories/GHSL-2023-052_XXL-RPC/(security-advisories@github.com)

https://securitylab.github.com/advisories/GHSL-2023-052_XXL-RPC/(af854a3a-2127-422b-91ae-364da2661108)

https://www.vicarius.io/vsociety/posts/xxl-rpc-rce-cve-2023-45146(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.