Skip to main content

Sofa Hessian

2 CVEs product

Monthly

CVE-2024-46983 Maven CRITICAL PATCH Act Now

sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Sofa Hessian
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2019-9212 Maven CRITICAL PATCH Act Now

SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apache Sofa Hessian
NVD GitHub
CVSS 3.0
9.8
EPSS
2.8%
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Sofa Hessian
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apache Sofa Hessian
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy