Deserialization in Apache Software Foundation Mina

CVE-2024-52046

The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserial…

Vulnerability class: Insecure Deserialization

EPSS: 0.554 (98.1th percentile)

Frequently asked questions

What is CVE-2024-52046?
CVE-2024-52046 is a vulnerability in Apache Software Foundation Mina, classified under Deserialization of Untrusted Data. Published 2024-12-25.

Is CVE-2024-52046 known to be exploited?
2 public proof-of-concept repositories are indexed. The CVE is not currently listed in the CISA KEV catalog.