CVE-2023-35839
CRITICALSolon < 2.3.3 - Insecure Deserialization
Title source: ruleDescription
A bypass in the component sofa-hessian of Solon before v2.3.3 allows attackers to execute arbitrary code via providing crafted payload.
Scores
CVSS v3
9.8
EPSS
0.0013
EPSS Percentile
31.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-502
Status
published
Affected Products (2)
solon/solon
< 2.3.3
org.noear/solon
< 2.3.3Maven
Timeline
Published
Jun 19, 2023
Tracked Since
Feb 18, 2026