The vulnerability involves insecure deserialization via JMX/RMI in Java 8. Key functions include those initializing JMX services (JmxManager.startJmxManager) and handling RMI deserialization (RemoteFilterChain.readObject). These functions likely lacked serialization filters in vulnerable versions, as the patch introduces a system property to enable filtering. The confidence is medium due to inferred code behavior from vulnerability descriptions and Java RMI/JMX patterns, though exact patch details are unavailable.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.geode:geode-core | maven | < 1.12.16 | 1.12.16 |
| org.apache.geode:geode-core | maven | >= 1.13.0, < 1.13.5 | 1.13.5 |
| org.apache.geode:geode-core | maven | >= 1.14.0, < 1.14.1 | 1.14.1 |