The vulnerability stems from unsafe deserialization via the 'ex:serializable' XML-RPC extension type. SerializableParser handles this type with Java's native deserialization (ObjectInputStream), which is inherently unsafe on untrusted data. The enabledForExtensions flag on XmlRpcServerConfigImpl controls whether these extension types are processed at all; Red Hat's mitigation explicitly calls for disabling this flag, confirming its role in the vulnerability. Together, the parser and the flag form the exploitable path.
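As an added illustration (not code from this page or from the Apache XML-RPC project), the server-side configuration with the flag set both ways; the `Echo` handler class and the port are assumed for the example:

```java
import org.apache.xmlrpc.server.PropertyHandlerMapping;
import org.apache.xmlrpc.server.XmlRpcServer;
import org.apache.xmlrpc.server.XmlRpcServerConfigImpl;
import org.apache.xmlrpc.webserver.WebServer;

public class HardenedXmlRpcServer {

    // Hypothetical handler exposed over XML-RPC; assumed for this example only.
    public static class Echo {
        public String echo(String s) { return s; }
    }

    // Weak configuration, shown for contrast: with extensions enabled, an
    // 'ex:serializable' value in a request is routed to SerializableParser,
    // which hands the attacker-controlled bytes to ObjectInputStream.
    static XmlRpcServerConfigImpl weakConfig() {
        XmlRpcServerConfigImpl config = new XmlRpcServerConfigImpl();
        config.setEnabledForExtensions(true);
        return config;
    }

    // Hardened configuration: with extensions disabled, the ex:* types
    // (ex:serializable included) are not parsed, so the deserialization
    // path is never reached. Set it explicitly rather than relying on a default.
    static XmlRpcServerConfigImpl hardenedConfig() {
        XmlRpcServerConfigImpl config = new XmlRpcServerConfigImpl();
        config.setEnabledForExtensions(false);
        return config;
    }

    public static void main(String[] args) throws Exception {
        WebServer webServer = new WebServer(8080); // port assumed
        XmlRpcServer server = webServer.getXmlRpcServer();

        PropertyHandlerMapping mapping = new PropertyHandlerMapping();
        mapping.addHandler("Echo", Echo.class);
        server.setHandlerMapping(mapping);

        XmlRpcServerConfigImpl config = hardenedConfig();
        server.setConfig(config);

        // Fail closed at startup if the flag was re-enabled elsewhere.
        if (config.isEnabledForExtensions()) {
            throw new IllegalStateException("XML-RPC extensions must stay disabled");
        }
        webServer.start();
    }
}
```

The startup check is the part worth keeping in a real deployment: it turns a silent configuration drift back toward the weak setting into a visible failure.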
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.xmlrpc:xmlrpc | maven | <= 3.1.3 | |