CVE-2019-13116 – org.mule.runtime:mule

Package

Manager: maven
Name: org.mule.runtime:mule
Vulnerable Version: >=0 <3.8.0

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.02658 pctl0.85215

Details

Mulesoft Mule Unsafe Deserialization The MuleSoft Mule runtime engine before 3.8.0 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections.

Metadata

Created: 2022-05-24T16:58:52Z
Modified: 2023-09-26T16:37:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cvcf-w75c-gw5r/GHSA-cvcf-w75c-gw5r.json
CWE IDs: ["CWE-502"]
Alternative ID: GHSA-cvcf-w75c-gw5r
Finding: F096
Auto approve: 1