CNNVD-202601-066 Information
CNNVD ID
CNNVD-202601-066
Related CVE
- CNNVD Published: 2026-01-02
Description
MessagePack for Java is an open-source serializer from MessagePack. Versions of MessagePack for Java before 0.9.11 contain a security vulnerability: payload length is not limited during deserialization, which may lead to denial of service.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
MessagePack
Published
2026-01-02
Last Modified
2026-02-24
References
https://github.com/msgpack/msgpack-java/commit/daa2ea6b2f11f500e22c70a22f689f7a9debdeae
https://github.com/msgpack/msgpack-java/releases/tag/v0.9.11
https://github.com/msgpack/msgpack-java/security/advisories/GHSA-cw39-r4h6-8j3x
https://access.redhat.com/security/cve/cve-2026-21452
Patch
https://github.com/msgpack/msgpack-java/releases