SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Information Disclosure
Apache
Sofa Hessian
NVD
GitHub
CVSS 3.0
9.8
EPSS
2.8%