3 matches found
CVE-2024-46983
sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But there is a gadget chain that can bypass the SOFA Hessian blackli...
CVE-2024-46983
sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But there is a gadget chain that can bypass the SOFA Hessian blackli...
cc.chensoul.nacos:core-test (=2.5.2), cc.chensoul.nacos:nacos-address (=2.5.2) +381 more potentially affected by CVE-2024-46983 via com.alipay.sofa:hessian (>=3.3.0 <=3.5.4)
com.alipay.sofa:hessian MAVEN version =3.3.0, =3.5.4 is affected by a known vulnerability. The following packages have a transitive dependency on com.alipay.sofa:hessian and may be impacted: - cc.chensoul.nacos:core-test =2.5.2 - cc.chensoul.nacos:nacos-address =2.5.2 - cc.chensoul.nacos:nacos-cm...