do you know about this?
The critical vulnerabilities are described below:
- The vulnerability has been detected in the JavaSerializationCodec class , due to the lack of proper validation of user-supplied data, which could result in the deserialization of untrusted data. An attacker could execute code in the context of SYSTEM. The identifier CVE-2023-39476 has been assigned for this vulnerability.
- The flaw is in the ParameterVersionJavaSerializationCodec class, originating from the lack of correct validation of user-supplied data, which could result in the deserialization of untrusted data. An attacker could exploit this vulnerability to execute code in the context of SYSTEM. The identifier CVE-2023-39475 has been assigned for this vulnerability.
The other high severity vulnerabilities have been assigned the identifiers CVE-2023-39473, CVE-2023-39474 and CVE-2023-39477.