GHSA-F8X3-C29W-WFMJ

Exploit Intelligence

• Reproducible Docker lab for CVE-2024-21182 — Oracle WebLogic T3/IIOP OpaqueReference JNDI injection → unauthenticated RCE (CVE-2023-21839 patch-bypass family). One-command validate.sh. (github-poc-repo)
• Reproducible Docker lab for CVE-2024-21182 — Oracle WebLogic T3/IIOP OpaqueReference JNDI injection → unauthenticated RCE (CVE-2023-21839 patch-bypass family). One-command validate.sh. (github-poc-repo)
• Reproducible Docker lab for CVE-2024-21182 — Oracle WebLogic T3/IIOP OpaqueReference JNDI injection → unauthenticated RCE (CVE-2023-21839 patch-bypass family). One-command validate.sh. (github-poc)
• Reproducible Docker lab for CVE-2024-21182 — Oracle WebLogic T3/IIOP OpaqueReference JNDI injection → unauthenticated RCE (CVE-2023-21839 patch-bypass family). One-command validate.sh. (github-poc)
• A testing tool for CobaltStrike-RCE:CVE-2022-39197; Weblogic-RCE:CVE-2023-21839; MinIO:CVE-2023-28432 (github-poc-repo)
• A testing tool for CobaltStrike-RCE:CVE-2022-39197; Weblogic-RCE:CVE-2023-21839; MinIO:CVE-2023-28432 (github-poc-repo)
• CVE-2024-20931, this is the bypass of the patch of CVE-2023-21839 (github-poc)
• CVE-2024-20931, this is the bypass of the patch of CVE-2023-21839 (github-poc)
• kw3h4/CVE-2023-21839-metasploit-scanner (github-poc)
• kw3h4/CVE-2023-21839-metasploit-scanner (github-poc)

…and 22 more exploits

Timeline

• CVE Published
• Apr 10, 2026 Security Advisory