VYPR

Mina

by Apache

Source repositories

CVEs (4)

  • CVE-2026-42779CriMay 1, 2026
    risk 0.57cvss 9.8epss 0.01

    The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes or primitive types) does not check the class at…

  • CVE-2026-42778CriMay 1, 2026
    risk 0.57cvss 9.8epss 0.01

    The fix for CVE-2026-41409 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incomplete. The classname allowlist of classes allowed to be deserialized was…

  • CVE-2026-41409CriApr 27, 2026
    risk 0.57cvss 9.8epss 0.00

    The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in a class to be read might already have been executed. Affected versions are…

  • CVE-2026-41635CriApr 27, 2026
    risk 0.57cvss 9.8epss 0.01

    Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes or primitive types) does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in…