61 matches found
CVE-2024-54016
Improper Handling of Highly Compressed Data Data Amplification vulnerability in Apache Seata incubating. This issue affects Apache Seata incubating: through =2.2.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...
CVE-2024-54016 compression bomb attack in Apache Seata Server
Improper Handling of Highly Compressed Data Data Amplification vulnerability in Apache Seata incubating. This issue affects Apache Seata incubating: through =2.2.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...
CVE-2024-54016
CVE-2024-54016 describes an Improper Handling of Highly Compressed Data (Data Amplification) affecting Apache Seata (incubating) up to version 2.2.0. The issue is reported across multiple feeds as a vulnerability that could enable performance degradation due to oversized compressed input, with re...
CVE-2024-54016 compression bomb attack in Apache Seata Server
Improper Handling of Highly Compressed Data Data Amplification vulnerability in Apache Seata incubating. This issue affects Apache Seata incubating: through =2.2.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...
CVE-2024-54016 compression bomb attack in Apache Seata Server
Improper Handling of Highly Compressed Data Data Amplification vulnerability in Apache Seata incubating. This issue affects Apache Seata incubating: through =2.2.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...
CVE-2024-47552 Apache Seata (incubating): Deserialization of untrusted Data in jraft mode in Apache Seata Server
Deserialization of Untrusted Data vulnerability in Apache Seata incubating. This issue affects Apache Seata incubating: from 2.0.0 before 2.2.0. Severity Justification: The Apache Seata security team assesses the severity of this vulnerability as "Low" due to stringent real-world mitigating...
CVE-2024-47552
CVE-2024-47552 is a Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). The initial record lists affected versions: 2.0.0 before 2.2.0, with a fix in 2.2.0. Connected advisories extend the affected range to 2.0.0 through 2.3.0 and recommend upgrading to 2.3.0. Exploitati...
CVE-2024-47552 Apache Seata (incubating): Deserialization of untrusted Data in jraft mode in Apache Seata Server
Deserialization of Untrusted Data vulnerability in Apache Seata incubating. This issue affects Apache Seata incubating: from 2.0.0 before 2.2.0. Severity Justification: The Apache Seata security team assesses the severity of this vulnerability as "Low" due to stringent real-world mitigating...
CVE-2024-47552 Apache Seata (incubating): Deserialization of untrusted Data in jraft mode in Apache Seata Server
Deserialization of Untrusted Data vulnerability in Apache Seata incubating. This issue affects Apache Seata incubating: from 2.0.0 before 2.2.0. Severity Justification: The Apache Seata security team assesses the severity of this vulnerability as "Low" due to stringent real-world mitigating...
Apache Seata 安全漏洞
Apache Seata is an open source project from the Apache Foundation that provides high-performance and easy-to-use distributed transaction services in a microservices architecture. A security vulnerability exists in Apache Seata version 2.2.0 and earlier, which stems from improper handling of highl...
Apache Seata 代码问题漏洞
Apache Seata is the United States Apache Apache Foundation of a microservices architecture in the United States to provide high-performance and easy to use distributed transaction services in the open source project . Apache Seata suffers from a code issue vulnerability that stems from...
PT-2025-11949 · Apache · Apache Seata
Name of the Vulnerable Software and Affected Versions: Apache Seata incubating versions 2.0.0 through 2.1.x Description: The issue is related to the deserialization of untrusted data, which can lead to remote code execution. This issue affects Apache Seata incubating from version 2.0.0 before...
The vulnerability of the distribution and transaction optimization software in the Apache Seata microservice architecture, related to shortcomings in the deserialization mechanism, allows attackers to trigger service failures.
The vulnerability of distribution software and the improvement of transaction performance in the architecture of Apache Seata microservices is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to trigger service failures through a...
Apache Seata Deserialization Vulnerability
Apache Seata is an open source distributed transaction solution , is committed to providing high performance and easy to use distributed transaction services in the microservices architecture . Apache Seata suffers from a deserialization vulnerability that can be exploited by a remote attacker to...
Apache Seata Deserialization of Untrusted Data vulnerability
Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private...
GHSA-3XQ2-W6J4-C99R Apache Seata Deserialization of Untrusted Data vulnerability
Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private...
CVE-2024-22399
Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private...
CVE-2024-22399 Apache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server
Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private...
CVE-2024-22399 Apache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server
Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private...
CVE-2024-22399
CVE-2024-22399 describes a deserialization of untrusted data vulnerability in Apache Seata Server that can enable remote code execution when attackers exploit the Seata private protocol via serialized payloads. Affected are Seata versions ranging from 1.0.0 through 1.8.0 and 2.0.0, with exploitat...