{"id":"USN-8465-1","summary":"mina2 vulnerabilities","details":"It was discovered that Apache MINA lacked an acceptMatchers allowlist\nmechanism to restrict which classes could be deserialized. An attacker\ncould use this to execute arbitrary code. This issue only affected\nUbuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-52046)\n\nIt was discovered that Apache MINA's deserialization filter could be\nbypassed via multiple code paths. An attacker could use this to execute\narbitrary code by sending a specially crafted serialized object over the\nnetwork. (CVE-2026-42778, CVE-2026-42779, CVE-2026-47065)","modified":"2026-06-24T02:19:26.340755018Z","published":"2026-06-23T15:35:56Z","upstream":["CVE-2024-52046","CVE-2026-42778","CVE-2026-42779","CVE-2026-47065","UBUNTU-CVE-2024-52046","UBUNTU-CVE-2026-42778","UBUNTU-CVE-2026-42779","UBUNTU-CVE-2026-47065"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8465-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-52046"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-42778"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-42779"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-47065"}],"affected":[{"package":{"name":"mina2","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/mina2?arch=source&distro=esm-apps%2Fjammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.5-1ubuntu0.1~esm1"}]}],"versions":["2.1.4-2","2.1.5-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"libmina2-java","binary_version":"2.1.5-1ubuntu0.1~esm1"}]},"database_specific":{"cves_map":{"cves":[],"ecosystem":"Ubuntu:Pro:22.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8465-1.json"}},{"package":{"name":"mina2","ecosystem":"Ubuntu:Pro:24.04:LTS","purl":"pkg:deb/ubuntu/mina2?arch=source&distro=esm-apps%2Fnoble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.1-3ubuntu0.1~esm1"}]}],"versions":["2.2.1-3"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"libmina2-java","binary_version":"2.2.1-3ubuntu0.1~esm1"}]},"database_specific":{"cves_map":{"cves":[],"ecosystem":"Ubuntu:Pro:24.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8465-1.json"}},{"package":{"name":"mina2","ecosystem":"Ubuntu:Pro:26.04:LTS","purl":"pkg:deb/ubuntu/mina2?arch=source&distro=esm-apps%2Fresolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.1-4ubuntu0.1~esm1"}]}],"versions":["2.2.1-4"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"libmina2-java","binary_version":"2.2.1-4ubuntu0.1~esm1"}]},"database_specific":{"cves_map":{"cves":[],"ecosystem":"Ubuntu:Pro:26.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8465-1.json"}}],"schema_version":"1.7.5"}