Lucene search
+L

61 matches found

NVD
NVD
added 2025/03/20 9:15 a.m.23 views

CVE-2024-54016

Improper Handling of Highly Compressed Data Data Amplification vulnerability in Apache Seata incubating. This issue affects Apache Seata incubating: through =2.2.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...

4.3CVSS0.00567EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/20 8:59 a.m.29 views

CVE-2024-54016 compression bomb attack in Apache Seata Server

Improper Handling of Highly Compressed Data Data Amplification vulnerability in Apache Seata incubating. This issue affects Apache Seata incubating: through =2.2.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...

0.00567EPSS
Exploits0References1
CVE
CVE
added 2025/03/20 8:59 a.m.67 views

CVE-2024-54016

CVE-2024-54016 describes an Improper Handling of Highly Compressed Data (Data Amplification) affecting Apache Seata (incubating) up to version 2.2.0. The issue is reported across multiple feeds as a vulnerability that could enable performance degradation due to oversized compressed input, with re...

4.3CVSS6.5AI score0.00567EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/20 8:59 a.m.8 views

CVE-2024-54016 compression bomb attack in Apache Seata Server

Improper Handling of Highly Compressed Data Data Amplification vulnerability in Apache Seata incubating. This issue affects Apache Seata incubating: through =2.2.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...

4.7AI score0.00567EPSS
Exploits0References1
OSV
OSV
added 2025/03/20 8:59 a.m.19 views

CVE-2024-54016 compression bomb attack in Apache Seata Server

Improper Handling of Highly Compressed Data Data Amplification vulnerability in Apache Seata incubating. This issue affects Apache Seata incubating: through =2.2.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...

4.3CVSS5.9AI score0.00567EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/20 8:58 a.m.10 views

CVE-2024-47552 Apache Seata (incubating): Deserialization of untrusted Data in jraft mode in Apache Seata Server

Deserialization of Untrusted Data vulnerability in Apache Seata incubating. This issue affects Apache Seata incubating: from 2.0.0 before 2.2.0. Severity Justification: The Apache Seata security team assesses the severity of this vulnerability as "Low" due to stringent real-world mitigating...

5.9AI score0.01088EPSS
Exploits0References2
CVE
CVE
added 2025/03/20 8:58 a.m.88 views

CVE-2024-47552

CVE-2024-47552 is a Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). The initial record lists affected versions: 2.0.0 before 2.2.0, with a fix in 2.2.0. Connected advisories extend the affected range to 2.0.0 through 2.3.0 and recommend upgrading to 2.3.0. Exploitati...

9.8CVSS5.9AI score0.01088EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/03/20 8:58 a.m.26 views

CVE-2024-47552 Apache Seata (incubating): Deserialization of untrusted Data in jraft mode in Apache Seata Server

Deserialization of Untrusted Data vulnerability in Apache Seata incubating. This issue affects Apache Seata incubating: from 2.0.0 before 2.2.0. Severity Justification: The Apache Seata security team assesses the severity of this vulnerability as "Low" due to stringent real-world mitigating...

0.01088EPSS
Exploits0References2
OSV
OSV
added 2025/03/20 8:58 a.m.8 views

CVE-2024-47552 Apache Seata (incubating): Deserialization of untrusted Data in jraft mode in Apache Seata Server

Deserialization of Untrusted Data vulnerability in Apache Seata incubating. This issue affects Apache Seata incubating: from 2.0.0 before 2.2.0. Severity Justification: The Apache Seata security team assesses the severity of this vulnerability as "Low" due to stringent real-world mitigating...

9.8CVSS7.2AI score0.01088EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.7 views

Apache Seata 安全漏洞

Apache Seata is an open source project from the Apache Foundation that provides high-performance and easy-to-use distributed transaction services in a microservices architecture. A security vulnerability exists in Apache Seata version 2.2.0 and earlier, which stems from improper handling of highl...

4.3CVSS6.5AI score0.00567EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.5 views

Apache Seata 代码问题漏洞

Apache Seata is the United States Apache Apache Foundation of a microservices architecture in the United States to provide high-performance and easy to use distributed transaction services in the open source project . Apache Seata suffers from a code issue vulnerability that stems from...

9.8CVSS7.7AI score0.01088EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/03/19 12:0 a.m.6 views

PT-2025-11949 · Apache · Apache Seata

Name of the Vulnerable Software and Affected Versions: Apache Seata incubating versions 2.0.0 through 2.1.x Description: The issue is related to the deserialization of untrusted data, which can lead to remote code execution. This issue affects Apache Seata incubating from version 2.0.0 before...

10CVSS7AI score0.01683EPSS
Exploits0References25
BDU FSTEC
BDU FSTEC
added 2024/10/16 12:0 a.m.10 views

The vulnerability of the distribution and transaction optimization software in the Apache Seata microservice architecture, related to shortcomings in the deserialization mechanism, allows attackers to trigger service failures.

The vulnerability of distribution software and the improvement of transaction performance in the architecture of Apache Seata microservices is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to trigger service failures through a...

10CVSS5.5AI score0.03286EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2024/09/18 12:0 a.m.10 views

Apache Seata Deserialization Vulnerability

Apache Seata is an open source distributed transaction solution , is committed to providing high performance and easy to use distributed transaction services in the microservices architecture . Apache Seata suffers from a deserialization vulnerability that can be exploited by a remote attacker to...

9.8CVSS7.6AI score0.03286EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/09/16 2:37 p.m.22 views

Apache Seata Deserialization of Untrusted Data vulnerability

Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private...

9.8CVSS7AI score0.03286EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/09/16 2:37 p.m.20 views

GHSA-3XQ2-W6J4-C99R Apache Seata Deserialization of Untrusted Data vulnerability

Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private...

9.2CVSS9.7AI score0.03286EPSS
Exploits0References3
NVD
NVD
added 2024/09/16 12:15 p.m.20 views

CVE-2024-22399

Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private...

9.8CVSS0.03286EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/16 11:42 a.m.33 views

CVE-2024-22399 Apache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server

Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private...

9.7AI score0.03286EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/16 11:42 a.m.29 views

CVE-2024-22399 Apache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server

Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private...

0.03286EPSS
Exploits0References1
CVE
CVE
added 2024/09/16 11:42 a.m.61 views

CVE-2024-22399

CVE-2024-22399 describes a deserialization of untrusted data vulnerability in Apache Seata Server that can enable remote code execution when attackers exploit the Seata private protocol via serialized payloads. Affected are Seata versions ranging from 1.0.0 through 1.8.0 and 2.0.0, with exploitat...

9.8CVSS9.6AI score0.03286EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder