Sharing for awareness some details on one of my bugs (CVE-2023-44350) that was fixed in APSB23-52. Adobe's patches are effective, but orgs building/using remote CFC methods will want to understand the vulnerability, review their code, and many want to consider additional controls - https://www.hoyahaxa.com/2023/11/critical-variable-mass-assignment.html