Miggo Logo
Miggo Vulnerability Database
CVE-2023-48967

CVE-2023-48967: Solon is vulnerable to Deserialization of Untrusted Data

9.8

CVSS Score
3.1

Basic Information

CVE ID
CVE-2023-48967
GHSA ID
GHSA-vwgg-2q82-38c5
EPSS Score
0.51117%
CWE
CWE-502
Published
12/4/2023
Updated
12/8/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.noear:solonmaven<= 2.6.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The GitHub issue #226 explicitly identifies FuryActionExecutor (line 25) as the vulnerability location. The PoC demonstrates that Fury's deserialization mechanism is used to process untrusted RPC payloads without adequate validation. Fury's default configuration relies on a blacklist, which is insufficient to prevent all gadget chain exploits. The attack leverages a combination of QBindingEnumeration (from Quercus) and XStringForFSB (from XBean) classes to bypass protections and execute JNDI lookups. This matches the CWE-502 pattern of unsafe deserialization.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Ssolon <= *.*.* *n* <=*.*.** is vuln*r**l* to **s*ri*liz*tion o* Untrust** **t*.

Reasoning

T** *it*u* issu* #*** *xpli*itly i**nti*i*s `*ury**tion*x**utor` (lin* **) *s t** vuln*r**ility lo**tion. T** Po* **monstr*t*s t**t *ury's **s*ri*liz*tion m****nism is us** to `pro**ss` untrust** RP* p*ylo**s wit*out ***qu*t* `v*li**tion`. *ury's ***