CVE-2023-48887: Deserialization of Untrusted Data

December 2, 2023 (updated December 7, 2023)

A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request.

References

github.com/advisories/GHSA-6pqx-v9g4-5hc8
github.com/fengjiachun/Jupiter
github.com/fengjiachun/Jupiter/issues/115
github.com/welk1n/JNDI-Injection-Exploit/releases/tag/v1.0
nvd.nist.gov/vuln/detail/CVE-2023-48887

Code Behaviors & Features

Detect and mitigate CVE-2023-48887 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →