PT-2023-27516 · Unknown · Weblogic-Framework

Published 2023-08-25 · Updated 2023-09-01 · CVE-2023-40571

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: weblogic-framework versions 0.2.3 and prior

Description: The issue is a deserialization vulnerability that may lead to remote code execution. When weblogic-framework receives the response to an echo command, it deserializes the data returned by the server directly, without verifying it. Many deserialization-related classes are loaded by the classloader, so malicious serialized data returned by the server can cause remote code execution.

Recommendations: For versions 0.2.3 and prior, update to version 0.2.4 to resolve the issue. As a temporary workaround, consider disabling the deserialization of data returned by the server until the update can be applied. Restrict access to the echo command to minimize the risk of exploitation.
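The pattern the description names, shown as an added example in plain Java rather than weblogic-framework's own code: the unsafe form deserializes whatever the server returns, while the hardened form applies a JEP 290 ObjectInputFilter that admits only java.lang.String and rejects every other class before its deserialization code runs. The method names and the sample responses are constructed for illustration and assume nothing about the framework's API.

```java
import java.io.*;
import java.util.ArrayList;
import java.util.List;

/** Added example, not weblogic-framework code. Method names are hypothetical. */
public class EchoResponseDeserialization {

    // Unsafe: server-controlled bytes reach readObject() with no class restriction.
    static Object readEchoResponseUnsafe(byte[] serverBytes) throws Exception {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(serverBytes))) {
            return in.readObject();
        }
    }

    // Hardened: an allow-list filter (Java 9+). Only java.lang.String passes;
    // "!*" rejects every other class, so no gadget class is ever instantiated.
    static String readEchoResponseFiltered(byte[] serverBytes) throws Exception {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter("java.lang.String;!*");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(serverBytes))) {
            in.setObjectInputFilter(filter);
            return (String) in.readObject();
        }
    }

    // Helper to build constructed "server responses" for the demonstration.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples: a benign echo string and a non-String object that
        // stands in for anything the server should not be allowed to send back.
        byte[] benign = serialize("echo ok");
        byte[] unexpected = serialize(new ArrayList<>(List.of("x")));

        System.out.println("filtered, benign: " + readEchoResponseFiltered(benign));
        System.out.println("unsafe accepted: " + readEchoResponseUnsafe(unexpected).getClass());
        try {
            readEchoResponseFiltered(unexpected);
        } catch (InvalidClassException e) {
            // The filter reports REJECTED and readObject() throws before any ArrayList code runs.
            System.out.println("filtered, rejected: " + e.getMessage());
        }
    }
}
```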

Exploit

Fix

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

CVE-2023-40571
GHSA-HJWJ-4F3Q-44H3

Affected Products

Weblogic-Framework