This past October, Apache issued a critical advisory addressing CVE-2023-46604, a vulnerability involving the deserialization of untrusted data in Apache.
On November 2, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2023-46604 to its known exploited list, KEV Catalog, indicating this vulnerability’s high risk and impact. Fortiguard Labs also released an outbreak alert and a threat signal report about the active exploitation of CVE-2023-46604, providing more details and recommendations for mitigation.
Read more…
Source: Fortinet