CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.wildfly:wildfly-parent | maven | < 20.0.0.Final | 20.0.0.Final |
The vulnerability stems from WildFly's EJB remoting layer deserializing untrusted data without validation. The CWE-502 classification and the advisory descriptions indicate that the core issue lies in EJB protocol handling. Functions such as processInvocation and readProxyCommand are central to EJB communication and would logically involve deserialization. Prior to WildFly 20.0.0.Final, these functions likely used ObjectInputStream or a similar mechanism without a class whitelist or restrictive class resolver, which matches the pattern of historical Java deserialization vulnerabilities in remoting components.
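The whitelist / class-resolver pattern the paragraph refers to is illustrated below with an added example that is not WildFly code and does not reproduce any WildFly class. It uses the JDK's standard ObjectInputFilter (JEP 290, Java 9 and later) to contrast an unfiltered ObjectInputStream, which resolves any serializable class on the classpath, with one that accepts only an explicitly allow-listed type and rejects everything else. The Invocation and Unexpected classes are hypothetical stand-ins for an expected wire type and an unexpected one; the allow-list and limits are choices made for the demonstration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

// Added illustration, not WildFly code: allow-list filtering for Java
// deserialization using the JDK's ObjectInputFilter (Java 9+).
public class FilteredDeserializationDemo {

    // Hypothetical stand-in for a payload type a server legitimately expects.
    static class Invocation implements Serializable {
        private static final long serialVersionUID = 1L;
        final String method;
        Invocation(String method) { this.method = method; }
    }

    // Hypothetical stand-in for a type the server never expects on the wire.
    static class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    // Helper: produce a constructed serialized byte stream for the demo.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Weak pattern: no filter, so any serializable class reachable on the
    // classpath is resolved and instantiated from attacker-controlled bytes.
    static Object readUnfiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return ois.readObject();
        }
    }

    // Hardened pattern: explicit allow-list of expected classes, a reject-all
    // catch-all ("!*"), and graph limits to blunt resource-exhaustion payloads.
    static Object readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
                "maxdepth=5;maxrefs=100;"
                + Invocation.class.getName() + ";"
                + "!*");
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(filter);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new Invocation("getBalance"));   // constructed sample
        byte[] unexpected = serialize(new Unexpected());             // constructed sample

        // Unfiltered stream happily materializes the unexpected type.
        System.out.println("unfiltered accepted: "
                + readUnfiltered(unexpected).getClass().getSimpleName());

        // Filtered stream still accepts the allow-listed type ...
        Invocation inv = (Invocation) readFiltered(expected);
        System.out.println("filtered accepted: " + inv.method);

        // ... but rejects anything outside the allow-list before instantiation.
        try {
            readFiltered(unexpected);
            System.out.println("filtered accepted unexpected type (should not happen)");
        } catch (InvalidClassException e) {
            System.out.println("filtered rejected: " + e.getMessage());
        }
    }
}
```

The rejection happens while the class descriptor is being resolved, so no constructor, readObject method, or gadget-chain code of the disallowed class ever runs. In a real remoting layer the same filter can be installed process-wide with the `jdk.serialFilter` system property or `ObjectInputFilter.Config.setSerialFilter`, which is generally preferable to per-stream filters because it also covers streams opened by third-party code.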