2 matches found
GHSA-3XQ2-W6J4-C99R Apache Seata Deserialization of Untrusted Data vulnerability
Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private...
CVE-2024-22399 Apache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server
Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private...