CVE-2023-41331

Summary

CVE-2023-41331 is a vulnerability in the SOFARPC Java RPC framework. Versions prior to 5.11.0 are affected by this vulnerability, which allows for remote command execution. An attacker can exploit this vulnerability by injecting JNDI or executing system commands through a carefully crafted payload. The default configuration of the SOFARPC framework includes a blacklist to filter out dangerous classes during deserialization, but it is not comprehensive. This leaves room for actors to exploit certain native JDK classes and common third-party packages to construct gadget chains capable of achieving JNDI injection or system command execution attacks. The recommended remediation is to update to version 5.11.0, which contains a fix for this issue. As a temporary workaround, users can add `-Drpc_serialize_blacklist_override=javax.sound.sampled.AudioFileFormat` to the blacklist. The vulnerability poses a high risk to organizations as it allows attackers to execute arbitrary commands on vulnerable systems, compromising the integrity and confidentiality of data.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.