CVE-2024-23636
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-23636 is a vulnerability affecting the SOFARPC Java RPC framework. Prior to version 5.12.0, the framework used the SOFA Hessian protocol for data deserialization, which employs a blacklist mechanism to restrict the deserialization of potentially dangerous classes. However, a gadget chain existed that bypassed this protection, relying solely on Java Development Kit (JDK) components and not on any third-party add-ons. Version 5.12.0 addressed this issue by adding a blacklist. Users can also add a custom blacklist to prevent deserialization of unwanted classes, for example `-Drpc_serialize_blacklist_override=org.apache.xpath.`, to mitigate this risk.