CVE-2024-47552: Deserialization of Untrusted Data in Apache Software Foundation Apache Seata

Severity: 9.8 CRITICAL (NVD)
EPSS: 0.2% (top 64.32%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 20; Latest update Jun 28

Description

Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): from 2.0.0 before 2.2.0. Severity Justification: The Apache Seata security team assesses the severity of this vulnerability as "Low" due to stringent real-world mitigating factors. First, the vulnerability is strictly isolated to the Raft cluster mode, an optional and non-default feature introduced in v2.0.0, while most users rely on the unaffected traditional architec

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

NVD: apache/seata, affected from 2.0.0 before 2.2.0
CVEListV5: apache_software_foundation/apache_seata, affected from 2.0.0 before 2.2.0 (+1)

Vulnerability Details (4)

GHSA: Apache Seata Vulnerable to Deserialization of Untrusted Data (2025-06-28)
CVEList: Apache Seata (incubating): Deserialization of untrusted Data in jraft mode in Apache Seata Server (2025-03-20)
OSV: Apache Seata Vulnerable to Deserialization of Untrusted Data (2025-03-20)
GHSA: Apache Seata Vulnerable to Deserialization of Untrusted Data (2025-03-20)
CVE-2024-47552 — Deserialization of Untrusted Data | cvebase