Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMI

Versions up to (including) 2.20.10 (stable branch) and 2.21.17 (unstable branch) use the component "commons-beanutils", which contains a class that can be used for remote code execution over RMI.
Users are advised to immediately update to versions 2.20.11 or 2.21.18. Note that earlier stable branches (1.0.x .. 2.18.x) have been EOLd already and do not receive updates anymore.
Vulnerability Information:
https://nvd.nist.gov/vuln/detail/CVE-2023-37895
https://security-tracker.debian.org/tracker/CVE-2023-37895
https://lists.apache.org/thread/j03b3qdhborc2jrhdc4d765d3jkh8bfw
Caught in Black Duck scan as well (BDSA-2023-1944).
Please prioritize.
Hello Team,
Any update on the above issue?
Hi, Any update on patch availability for this issue?
release 13.11
Any date on when 13.11 will be available?