Description
It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
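As an added illustration (not part of the original advisory or of any vendor tooling), the following Python sketch shows one way a defender could inspect a captured Java serialized stream and flag class descriptors from the org.apache.commons.collections package before the data reaches a deserializer. The function names, the heuristic scan, and the sample streams are assumptions constructed for this example; a hit means the stream references library classes, not that it is malicious.

```python
import re
import struct

STREAM_MAGIC = b"\xac\xed\x00\x05"   # Java serialization magic + stream version 5
TC_CLASSDESC = 0x72                   # tag that introduces a new class descriptor
FLAGGED_PREFIX = "org.apache.commons.collections"
CLASS_NAME = re.compile(r"^\[*[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*;?$")

def class_names(blob):
    """Heuristically list class names declared in a Java serialized stream."""
    if not blob.startswith(STREAM_MAGIC):
        return []
    names, i = [], len(STREAM_MAGIC)
    while i < len(blob) - 3:
        if blob[i] == TC_CLASSDESC:
            (length,) = struct.unpack_from(">H", blob, i + 1)
            raw = blob[i + 3 : i + 3 + length]
            # A descriptor is: name, 8-byte serialVersionUID, flags, field count.
            if length and len(raw) == length and i + 3 + length + 11 <= len(blob):
                try:
                    name = raw.decode("ascii")
                except UnicodeDecodeError:
                    name = ""
                if CLASS_NAME.match(name):
                    names.append(name)
                    i += 3 + length + 8   # skip the name and serialVersionUID
                    continue
        i += 1
    return names

def flagged(blob):
    """Return declared class names that belong to commons-collections."""
    return [n for n in class_names(blob) if n.startswith(FLAGGED_PREFIX)]

def _desc(name):
    """Build a constructed descriptor: tag, name, zero UID, flags, no fields."""
    data = name.encode("ascii")
    header = bytes([TC_CLASSDESC]) + struct.pack(">H", len(data))
    return header + data + bytes(8) + b"\x02\x00\x00"

# Constructed sample streams; ExampleClass is a placeholder, not a real class.
SAMPLE = (STREAM_MAGIC + b"\x73" + _desc("java.util.HashMap") + b"\x78\x70"
          + b"\x73" + _desc("org.apache.commons.collections.ExampleClass")
          + b"\x78\x70")
BENIGN = STREAM_MAGIC + b"\x73" + _desc("java.util.ArrayList") + b"\x78\x70"
```
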
Remediation
Upgrade to the latest version of JBoss.
Related Vulnerabilities
VMware Aria Operations for Networks RCE (CVE-2023-20887)
Java Debug Wire Protocol remote code execution
ColdFusion CFC Deserialization RCE (CVE-2023-26359/CVE-2023-26360)
WordPress Plugin Loco Translate PHP Code Injection (2.5.3)
WordPress Plugin ProfileGrid-User Profiles, Groups and Communities Remote Code Execution (2.8.5)