### Key Information

- **CVE Number**: CVE-2024-22399
- **Vulnerability Name**: Apache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server
- **Release Date**: September 11, 2024
- **Publisher**: Min Ji
- **Severity**: Medium
- **Affected Versions**:
  - Apache Seata 2.0.0
  - Apache Seata 1.0.0 through 1.8.0
- **Description**:
  - Apache Seata: Untrusted Data vulnerability in Hessian Deserialization in versions 2.0.0, and from 1.0.0 through 1.8.0.
  - Users are advised to upgrade to version 2.1.0 or 1.8.1 to fix this issue.
- **Discoverer**: X1r0z (exp10it666123@gmail.com)
- **References**:
  - [Apache Seata Incubator](https://seata.incubator.apache.org)
  - [CVE-2024-22399](https://www.cve.org/CVERecord?id=CVE-2024-22399)

### Email Information

- **Subject**: Apache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server
- **Sender**: dev@seata.apache.org
- **Content**:
  - **Severity**: Medium
  - **Affected Versions**:
    - Apache Seata 2.0.0
    - Apache Seata 1.0.0 through 1.8.0
  - **Description**:
    - Apache Seata: Untrusted Data vulnerability in Hessian Deserialization in versions 2.0.0, and from 1.0.0 through 1.8.0.
    - Users are advised to upgrade to version 2.1.0 or 1.8.1 to fix this issue.
  - **Discoverer**: X1r0z (exp10it666123@gmail.com)
  - **References**:
    - [Apache Seata Incubator](https://seata.incubator.apache.org)
    - [CVE-2024-22399](https://www.cve.org/CVERecord?id=CVE-2024-22399)

### Email Signature

- **Unsubscribe**: dev-unsubscribe@seata.apache.org
- **More Help**: dev-help@seata.apache.org