Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server
Vulnerability Description
Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private protocol. This issue affects Apache Seata: 2.0.0, from 1.0.0 through 1.8.0. Users are recommended to upgrade to version 2.1.0/1.8.1, which fixes the issue.
CVSS Information
N/A
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Apache Seata 代码问题漏洞
Vulnerability Description
Apache Seata是美国阿帕奇(Apache)基金会的一款在微服务架构下提供高性能和简单易用的分布式事务服务的开源项目。 Apache Seata 2.0.0版本和1.0.0版本至1.8.0版本存在代码问题漏洞,该漏洞源于包含不受信任数据反序列化漏洞。
CVSS Information
N/A
Vulnerability Type
N/A