all InfoSec news
CVE-2023-41331 (sofarpc)
Sept. 12, 2023, 8:15 p.m. |
National Vulnerability Database web.nvd.nist.gov
crafted payload, an attacker can achieve JNDI injection or system command execution. In the default configuration of the SOFARPC framework, a blacklist is used to filter out dangerous classes encountered during the deserialization process. However, the blacklist is not comprehensive, and an actor can exploit certain native JDK classes and common third-party packages to construct gadget chains capable of achieving JNDI …
attacker command configuration cve default deserialization filter framework injection java jndi payload process rpc system vulnerable
More from web.nvd.nist.gov / National Vulnerability Database
CVE-2023-21380 (android)
6 months ago |
web.nvd.nist.gov
CVE-2023-21381 (android)
6 months ago |
web.nvd.nist.gov
Jobs in InfoSec / Cybersecurity
Information System Security Officer (ISSO)
@ LinQuest | Boulder, Colorado, United States
Project Manager - Security Engineering
@ MongoDB | New York City
Security Continuous Improvement Program Manager (m/f/d)
@ METRO/MAKRO | Düsseldorf, Germany
Senior JavaScript Security Engineer, Tools
@ MongoDB | New York City
Principal Platform Security Architect
@ Microsoft | Redmond, Washington, United States
Staff Cyber Security Engineer (Emerging Platforms)
@ NBCUniversal | Englewood Cliffs, NEW JERSEY, United States