GitHub user anic closed a discussion: how to fix CVE-2024-22399
It seems that there is a Hessian serialization vulnerability in Seata:

https://avd.aliyun.com/detail?id=AVD-2024-22399&timestamp__1384=Gqmx9D2D0DciitGkDlEIAYqQwR7zYNPFY4D
http://www.openwall.com/lists/oss-security/2024/09/11/2
https://lists.apache.org/thread/91nzzlxyj4nmks85gbzwkkjtbmnmlkc4

However, we are using a low version of Seata (e.g. Seata 1.4.2), and it's not easy to upgrade to version 1.8.1, which means a lot of tests would have to be done.

We wonder if there is any configuration-based solution to fix CVE-2024-22399? For example, to disable Hessian and use Kryo as the serialization.

GitHub link: https://github.com/apache/incubator-seata/discussions/7552
