github - ghsa-cvcf-w75c-gw5r

ghsa-cvcf-w75c-gw5r

Vulnerability from github

Published

2022-05-24 16:58

Modified

2023-09-26 16:37

Severity

9.8 (Critical) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Mulesoft Mule Unsafe Deserialization

Details

The MuleSoft Mule runtime engine before 3.8.0 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.mule.runtime:mule"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.8.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-13116"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-18T20:23:50Z",
    "nvd_published_at": "2019-10-16T20:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "The MuleSoft Mule runtime engine before 3.8.0 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections.",
  "id": "GHSA-cvcf-w75c-gw5r",
  "modified": "2023-09-26T16:37:45Z",
  "published": "2022-05-24T16:58:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13116"
    },
    {
      "type": "WEB",
      "url": "https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mulesoft/mule"
    },
    {
      "type": "WEB",
      "url": "https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Mulesoft Mule Unsafe Deserialization"
}

cve-2019-13116

Vulnerability from cvelistv5

Published

2019-10-16 19:06

Modified

2024-08-04 23:41

Severity

Summary

The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections

References

URL	Tags
https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes	x_refsource_MISC
https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce/	x_refsource_MISC

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:41:10.467Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-29T21:39:56",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-13116",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes",
              "refsource": "MISC",
              "url": "https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes"
            },
            {
              "name": "https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce/",
              "refsource": "MISC",
              "url": "https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-13116",
    "datePublished": "2019-10-16T19:06:39",
    "dateReserved": "2019-06-30T00:00:00",
    "dateUpdated": "2024-08-04T23:41:10.467Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.