1. Incomplete Deserialization Fix Leaves Apache MINA Vulnerable to Code Execution via Static Initializer Timing Gap
A critical vulnerability in Apache MINA has been identified where a previous security fix was applied incompletely, leaving a window for potential remote code execution. The issue centers on CVE-2024-52046's remediation in the AbstractIoBuffer.getObject() method, where the classname allowlist designed to restrict deser...
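The following is an added example, not Apache MINA's code and not taken from the advisory: it shows in plain Java how a classname allowlist that is consulted only after a class has been loaded with initialization still lets that class's static initializer run, and how checking first closes the gap. The class names, the allowlist contents and both resolver methods are hypothetical.

```java
import java.util.Set;

// Added illustration; not Apache MINA code. All names here are hypothetical.
public class AllowlistTimingDemo {
    static boolean initializerRan = false;

    // Stand-in for a class that is NOT on the allowlist. Its static
    // initializer only records that it executed.
    static class NotAllowed {
        static { initializerRan = true; }
    }

    static final Set<String> ALLOWLIST = Set.of("java.lang.String");

    // Weak ordering: load and initialize the class, then consult the allowlist.
    static Class<?> resolveLate(String name, ClassLoader cl) throws ClassNotFoundException {
        Class<?> c = Class.forName(name, true, cl); // static initializer runs here
        if (!ALLOWLIST.contains(name)) {
            throw new SecurityException("rejected: " + name);
        }
        return c;
    }

    // Corrected ordering: check the name before touching the class loader,
    // and do not request initialization while loading.
    static Class<?> resolveEarly(String name, ClassLoader cl) throws ClassNotFoundException {
        if (!ALLOWLIST.contains(name)) {
            throw new SecurityException("rejected: " + name);
        }
        return Class.forName(name, false, cl);
    }

    public static void main(String[] args) throws Exception {
        ClassLoader cl = AllowlistTimingDemo.class.getClassLoader();
        String name = NotAllowed.class.getName(); // a class literal does not initialize

        // Check-first must run before check-last: a class initializes only once.
        try { resolveEarly(name, cl); } catch (SecurityException e) { /* rejected */ }
        System.out.println("check-first: initializer ran = " + initializerRan);

        try { resolveLate(name, cl); } catch (SecurityException e) { /* rejected too late */ }
        System.out.println("check-last:  initializer ran = " + initializerRan);
    }
}
```

Both resolvers reject the class, so a test that only asserts on the thrown exception cannot tell them apart; the observable difference is whether initialization happened before the rejection.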