Lucene search

Veracode Vulnerability DatabaseVERACODE:45147

HistoryJan 24, 2024 - 7:23 a.m.

Remote Code Execution

2024-01-2407:23:50

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

vulnerability

remote code execution

com.alipay.sofa

sofa-rpc-all

deserialization

sofa hessian protocol

blacklist mechanism

gadget chain

jdk classes

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.1%

JSON

com.alipay.sofa, sofa-rpc-all is vulnerable to Remote Code Execution. The vulnerability is caused due to insufficient blacklist mechanism to restrict deserialization of potentially dangerous classes within the SOFA Hessian protocol. An attacker can exploit this to bypass the SOFA Hessian blacklist protection mechanism by leveraging a gadget chain that relies on JDK classes, not on any third-party components.

CPENameOperatorVersion
sofa-rpc-allle5.11.1
sofa-rpc-allle5.11.1

CPE	Name	Operator	Version
	sofa-rpc-all	le	5.11.1
	sofa-rpc-all	le	5.11.1

References

github.com/sofastack/sofa-rpc/commit/42d19b1b1d14a25aafd9ef7c219c04a19f90fc76

github.com/sofastack/sofa-rpc/commit/d08e25824ae9feaf0876adba9acd2938f34759b1

github.com/sofastack/sofa-rpc/security/advisories/GHSA-7q8p-9953-pxvr

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.1%

JSON

Related for VERACODE:45147