
CVE-2024-52046 – Apache MINA Vulnerability

Severity

High

Analysis Summary

CVE-2024-52046

The ObjectSerializationDecoder in Apache MINA uses Java's native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. The vulnerability affects MINA core versions 2.0.X, 2.1.X and 2.2.X and will be fixed by releases 2.0.27, 2.1.10 and 2.2.4. An attacker can exploit the deserialization process by sending specially crafted malicious serialized data, potentially leading to remote code execution (RCE).
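The kind of check that native deserialization needs, shown as an added example using the JDK's standard `ObjectInputFilter` (Java 9+); it is not Apache MINA code and not the project's fix. The class name `AllowListDecodeExample`, the allow-listed types, the limits and the sample frames are assumptions constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;

public class AllowListDecodeExample {
    // Allow-list of the types this (hypothetical) protocol exchanges; "!*" rejects the rest.
    // java.lang.Object is listed because ArrayList checks its Object[] backing array.
    private static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "maxdepth=8;maxarray=1024;maxbytes=65536;"
            + "java.lang.String;java.lang.Object;java.util.ArrayList;!*");

    // Deserialize one untrusted frame with the filter attached before readObject().
    static Object decode(byte[] frame) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(frame))) {
            in.setObjectInputFilter(FILTER);
            return in.readObject();
        }
    }

    // Serialize an object into a constructed sample frame for the demo.
    static byte[] encode(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = encode(new ArrayList<>(List.of("login", "alice")));
        byte[] unexpected = encode(new HashMap<String, String>()); // benign, but not allow-listed

        System.out.println("allowed: " + decode(expected));
        try {
            decode(unexpected);
        } catch (InvalidClassException e) {
            // The filter stops the stream before the unexpected class is instantiated.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Without the `setObjectInputFilter` call, `readObject()` would instantiate whatever serializable class the sender names, which is the behaviour the summary above describes.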

Impact

  • Code Execution

Indicators of Compromise

CVE

  • CVE-2024-52046

Affected Vendors

Apache

Affected Products

  • Apache MINA 2.0 - 2.0.26
  • Apache MINA 2.1 - 2.1.9
  • Apache MINA 2.2 - 2.2.3

Remediation

Refer to Apache Website for patch, upgrade, or suggested workaround information.

Apache Website