CVE-2024-47552 in Seatainfo

Summary

Deserialization of Untrusted Data vulnerability in Apache Seata (incubating).

This issue affects Apache Seata (incubating): from 2.0.0 before 2.2.0.

Severity Justification:

The Apache Seata security team assesses the severity of this vulnerability as "Low" due to stringent real-world mitigating factors. First, the vulnerability is strictly isolated to the Raft cluster mode, an optional and non-default feature introduced in v2.0.0, while most users rely on the unaffected traditional architecture. Second, Seata is an internal middleware; communication between TC and RM/TM occurs entirely within trusted internal networks. An attacker would require prior, unauthorized access to the Intranet to exploit this, making external exploitation highly improbable.

Users are recommended to upgrade to version 2.2.0, which fixes the issue.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

09/26/2024

Disclosure

03/20/2025

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
300101	Apache Seata deserialization	502	Not defined	Official fix	CVE-2024-47552

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!