CVE-2019-13116
Published 2019-10-16
CVE-2019-13116: The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to…
Priority P264 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 5.13% (91.3th percentile)
The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mulesoft | mule_runtime | < 3.8.0 | 3.8.0 |
CVSS provenance
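| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |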
GHSA
Mulesoft Mule Unsafe Deserialization
ghsa·2022-05-24
CVE-2019-13116 [CRITICAL] CWE-502 Mulesoft Mule Unsafe Deserialization
The MuleSoft Mule runtime engine before 3.8.0 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections.
OSV
Mulesoft Mule Unsafe Deserialization
osv·2022-05-24
CVE-2019-13116 [CRITICAL] Mulesoft Mule Unsafe Deserialization
The MuleSoft Mule runtime engine before 3.8.0 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2019-10-16