PT-2023-27908 · Sofarpc · Sofarpc

Bofei Chen +2

Published 2023-09-12 · Updated 2023-09-15

CVE-2023-41331

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SOFARPC versions prior to 5.11.0

Description: SOFARPC is a Java RPC framework. Through a carefully crafted payload, an attacker can achieve JNDI injection or system command execution. The default configuration of the SOFARPC framework uses a blacklist to filter out dangerous classes during the deserialization process. However, the blacklist is not comprehensive, allowing an actor to exploit certain native JDK classes and common third-party packages to construct gadget chains capable of achieving JNDI injection or system command execution attacks.

Recommendations: For versions prior to 5.11.0, update to version 5.11.0 to resolve the issue. As a temporary workaround, users can add the class javax.sound.sampled.AudioFileFormat to the blacklist with the JVM option -Drpc_serialize_blacklist_override=javax.sound.sampled.AudioFileFormat.
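A defender-side check for the two facts the advisory gives (affected range below 5.11.0, and the blacklist-override workaround), written as an added example rather than anything from the advisory or the SOFARPC project. It assumes dependencies are listed in `mvn dependency:list` form with the Maven coordinate `com.alipay.sofa:sofa-rpc-*`, and treats the override property value as a comma-separated class list; the sample input is constructed.

```python
import re

# From the advisory: SOFARPC releases before 5.11.0 are affected.
FIXED_VERSION = (5, 11, 0)
# Temporary workaround from the advisory; the value is treated here as a
# comma-separated class list (an assumption, not stated in the advisory).
WORKAROUND_FLAG = "-Drpc_serialize_blacklist_override="
WORKAROUND_CLASS = "javax.sound.sampled.AudioFileFormat"

def parse_version(v: str) -> tuple:
    """'5.9.1' -> (5, 9, 1); a '-SNAPSHOT' style suffix is ignored."""
    return tuple(int(p) for p in v.split("-")[0].split("."))

def is_affected(version: str) -> bool:
    """True when older than 5.11.0. Tuple order matters: the string
    comparison '5.9.1' < '5.11.0' is False, which would miss this case."""
    return parse_version(version) < FIXED_VERSION

def find_sofarpc(dep_list: str) -> list:
    """(artifact, version) pairs for SOFARPC artifacts in `mvn dependency:list` output."""
    pat = re.compile(r"com\.alipay\.sofa:(sofa-rpc[\w-]*):jar:([\w.\-]+):")
    return [(m.group(1), m.group(2)) for m in map(pat.search, dep_list.splitlines()) if m]

def has_workaround(jvm_args: list) -> bool:
    """True when the blacklist override on the JVM command line names the class."""
    for arg in jvm_args:
        if arg.startswith(WORKAROUND_FLAG):
            return WORKAROUND_CLASS in arg[len(WORKAROUND_FLAG):].split(",")
    return False

def assess(dep_list: str, jvm_args: list) -> list:
    """One finding per SOFARPC artifact: fixed, mitigated, or vulnerable."""
    findings = []
    for artifact, version in find_sofarpc(dep_list):
        if not is_affected(version):
            findings.append(f"{artifact} {version}: fixed")
        elif has_workaround(jvm_args):
            findings.append(f"{artifact} {version}: affected, blacklist override present; still upgrade to 5.11.0")
        else:
            findings.append(f"{artifact} {version}: vulnerable to CVE-2023-41331, upgrade to 5.11.0")
    return findings

# Constructed sample input, not captured from a real build or JVM.
SAMPLE_DEPS = """\
[INFO]    com.alipay.sofa:sofa-rpc-all:jar:5.9.1:compile
[INFO]    com.alipay.sofa:hessian:jar:3.3.6:compile
"""
SAMPLE_JVM_ARGS = ["-Xmx2g", WORKAROUND_FLAG + WORKAROUND_CLASS]

if __name__ == "__main__":
    print("\n".join(assess(SAMPLE_DEPS, SAMPLE_JVM_ARGS)))
```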

Related Identifiers

CVE-2023-41331
GHSA-CHV2-7HXJ-2J86

Affected Products

Sofarpc