Описание
Apache Seata Vulnerable to Deserialization of Untrusted Data
Deserialization of Untrusted Data vulnerability in Apache Seata (incubating).
This issue affects Apache Seata (incubating): from 2.0.0 before 2.2.0.
Users are recommended to upgrade to version 2.2.0, which fixes the issue.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-47552
- https://github.com/apache/incubator-seata/commit/c0d2ac540b5579e909ae3240f112575313fcad34
- https://github.com/apache/incubator-seata/releases/tag/v2.2.0
- https://lists.apache.org/thread/652o82vzk9qrtgksk55cfgpbvdgtkch0
- http://www.openwall.com/lists/oss-security/2025/03/19/5
Пакеты
org.apache.seata:seata-config-core
>= 2.0.0, < 2.2.0
2.2.0
Связанные уязвимости
Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): from 2.0.0 before 2.2.0. Users are recommended to upgrade to version 2.2.0, which fixes the issue.
Уязвимость программного обеспечения распределения и увеличения производительности транзакций в архитектуре микросервисов Apache Seata, связанная с недостатками механизма десериализации, позволяющая нарушителю вызвать отказ в обслуживании