CVE-2023-37895P2CRITICALCVSS 9.8≥ 2.21.0, < 2.21.18·≥ 1.0.0, < 2.20.112023-07-25
CVE-2023-37895 [CRITICAL] CWE-502 CVE-2023-37895: Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker t
Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to (including) 2.20.10 (stable branch) and 2.21.17 (unstable branch) use the component "commons-beanutils", which contains a class that can be used for remote code execution over RMI.
Users are advised to
nvd