70 matches found
EUVD-2020-23730
Malware in sbrugna...
EUVD-2024-2768
Malicious code in bioql PyPI...
ROS-20250526-08
Vulnerability in the soupheaderparsequalitylist function of the libsoup GUI library GNOME of Linux operating systems is related to a memory leak when parsing a quality list containing elements with all zeros. Exploitation of the vulnerability could allow an attacker acting remotely, gain access t...
CVE-2023-35839
A bypass in the component sofa-hessian of Solon before v2.3.3 allows attackers to execute arbitrary code via providing crafted payload...
CVE-2024-23636
SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But, prior to version 5.12.0, there i...
CVE-2024-46983
sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But there is a gadget chain that can bypass the SOFA Hessian blackli...
Remote Code Execution
com.alipay.sofa:hessian is vulnerable to Remote Code Execution. The vulnerability is due to a gadget chain that bypasses the SOFA Hessian protocol's blacklist protection mechanism. This gadget chain relies solely on JDK classes and does not require any third-party components. The issue is fixed i...
CVE-2024-46983
sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But there is a gadget chain that can bypass the SOFA Hessian blackli...
CVE-2024-46983
CVE-2024-46983 affects sofa-hessian (SOFA Hessian) where a gadget chain bypasses the blacklist that restricts deserialization. The vulnerability enables a dangerous chain using only JDK classes, with no third-party component reliance stated. The issue is addressed by updating the blacklist; upgra...
CVE-2024-46983 Remote Command Execution(RCE) Vulnerbility in sofa-hessian
sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But there is a gadget chain that can bypass the SOFA Hessian blackli...
CVE-2024-46983 Remote Command Execution(RCE) Vulnerbility in sofa-hessian
sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But there is a gadget chain that can bypass the SOFA Hessian blackli...
CVE-2024-46983 Remote Command Execution(RCE) Vulnerbility in sofa-hessian
sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But there is a gadget chain that can bypass the SOFA Hessian blackli...
SOFA Hessian Remote Command Execution (RCE) Vulnerability
Impact SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But there is a gadget chain that can bypass the SOFA Hessian blacklist protection mechanism, and this gadget chain only relies on JDK and does not rely on...
GHSA-C459-2M73-67HJ SOFA Hessian Remote Command Execution (RCE) Vulnerability
Impact SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But there is a gadget chain that can bypass the SOFA Hessian blacklist protection mechanism, and this gadget chain only relies on JDK and does not rely on...
PT-2024-32317
Name of the Vulnerable Software and Affected Versions sofahessian versions prior to 3.5.5 Description The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. However, there is a gadget chain that can bypass the SOF...
SOFA-Hessian 注入漏洞
SOFA-Hessian is an open source binary serialization protocol. An injection vulnerability exists in SOFA-Hessian versions prior to 3.5.4, which stems from the presence of a deserialization vulnerability that allows bypassing the blacklisting mechanism...
com.alipay.sofa.koupleless:arklet-springboot-starter (>=2.1.0 <=2.1.11), com.alipay.sofa.koupleless:koupleless-base-starter (>=2.1.0 <=2.1.11) +8 more potentially affected by CVE-2024-38807 via org.springframework.boot:spring-boot-loader (>=3.2.0 <=3.2.7)
org.springframework.boot:spring-boot-loader MAVEN version =3.2.0, =2.1.0, =2.1.0, =4.2.0, =4.2.0, =3.1.0, =0.4.0, =4.3.0, =4.1.0, =4.1.0, =4.1.5 Source cves: CVE-2024-38807 Source advisory: OSV:GHSA-7CJ3-X93G-GJ76...
com.alipay.sofa.koupleless:arklet-springboot-starter (>=1.0.0 <=1.4.2), com.alipay.sofa.koupleless:koupleless-base-starter (>=1.0.0 <=1.4.2) +84 more potentially affected by CVE-2024-38807 via org.springframework.boot:spring-boot-loader (>=2.7.0 <=2.7.2)
org.springframework.boot:spring-boot-loader MAVEN version =2.7.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.5.1, =0.5.1, =2.2.4, =2.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.1 and more Source cves: CVE-2024-38807 Source advisory:...
Remote Code Execution
com.alipay.sofa, sofa-rpc-all is vulnerable to Remote Code Execution. The vulnerability is caused due to insufficient blacklist mechanism to restrict deserialization of potentially dangerous classes within the SOFA Hessian protocol. An attacker can exploit this to bypass the SOFA Hessian blacklis...
Remote Command Execution in SOFARPC
Impact SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But there is a gadget chain that can bypass the SOFA Hessian...