oss-sec mailing list archives

CVE-2024-22399: Apache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server

From: Min Ji <jimin () apache org>
Date: Wed, 11 Sep 2024 12:11:32 +0000

Severity: moderate

Affected versions:

- Apache Seata 2.0.0
- Apache Seata 1.0.0 through 1.8.0

Description:

Deserialization of Untrusted Data vulnerability in Apache Seata.This issue affects Apache Seata: 2.0.0, from 1.0.0 
through 1.8.0.

Users are recommended to upgrade to version 2.1.0/1.8.1, which fixes the issue.

Credit:

X1r0z(exp10it666123 () gmail com) (finder)

References:

https://seata.incubator.apache.org
https://www.cve.org/CVERecord?id=CVE-2024-22399

Current thread:

CVE-2024-22399: Apache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server Min Ji (Sep 11)