CVE-2023-45146

Name of the Vulnerable Software and Affected Versions XXL-RPC (affected versions not specified)

Description The issue concerns a high-performance, distributed RPC framework. When a TCP server is set up using the Netty framework and the Hessian serialization mechanism, attackers may be able to connect to the server and provide malicious serialized objects. Once deserialized, these objects can force the server to execute arbitrary code, potentially allowing attackers to take control of the machine the server is running on through remote code execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.