Description
xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerability via the component com.xxl.rpc.core.remoting.net.impl.netty.codec.NettyDecode#decode.
Remediation
References
https://github.com/edirc-wong/record/blob/main/deserialization_vulnerability_report.md
Related Vulnerabilities
CVE-2020-13822 Vulnerability in maven package org.webjars.npm:elliptic
CVE-2023-26158 Vulnerability in maven package org.webjars.npm:mockjs
CVE-2023-45311 Vulnerability in npm package fsevents
CVE-2022-31160 Vulnerability in npm package jquery-ui
CVE-2021-4279 Vulnerability in maven package org.webjars.npm:fast-json-patch