2 matches found
com.alipay.sofa:ark-sofa-boot (>=4.0.0-M1 <=4.0.0-M2), com.alipay.sofa:ark-sofa-boot-starter (>=4.0.0-M1 <=4.0.0-M2) +35 more potentially affected by CVE-2019-9212 via com.alipay.sofa:hessian (>=3.3.0 <=3.3.4)
com.alipay.sofa:hessian MAVEN version =3.3.0, =4.0.0-M1, =4.0.0-M1, =1.4.1, =2.5.0, =6.5.6, =6.5.6, =6.5.6, =6.5.6, =6.5.6, =6.5.6, =6.5.6, =6.5.6, =6.5.6, =6.5.6, =6.5.6, =6.5.6.20241001 and more Source cves: CVE-2019-9212 Source advisory: OSV:GHSA-PFWP-8PQ4-G7PV...
CVE-2019-9212
SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget. NOTE: The vendor doesn’t consider...