This PoC is cloned from https://github.com/Contrast-Security-OSS/Spring-Kafka-POC-CVE-2023-34040 About our analyzing process, please visit PDF file on the main repo.
buiduchoang24/CVE-2023-34040
In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers. Cre: NVD
JavaApache-2.0