Vulnerability Monitor


CVE-2024-54676


Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0

Description: The default clustering instructions at https://openmeetings.apache.org/Clustering.html do not specify white/black lists for OpenJPA, which leads to possible deserialisation of untrusted data. Users are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant 'openjpa.serialization.class.blacklist' and 'openjpa.serialization.class.whitelist' configurations as shown in the documentation.


Published

2025-01-08T09:15:07.440

Last Modified

2025-01-15T15:50:39.987

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses
  • Type: Primary
    CWE-502

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|------|--------|---------|---------------|-------------|
| Application | apache | openmeetings | < 8.0.0 | Yes |
