Apache Seata (incubating) Deserialization of Untrusted Data Vulnerability

Vulnerability

A deserialization of untrusted data vulnerability has been identified in Apache Seata (incubating) versions from 2.0.0 up to, but not including, 2.3.0. The affected versions handle serialized data improperly, so manipulated serialized input could be used to achieve unintended effects. Users are advised to upgrade to version 2.3.0, which addresses this issue.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution on the server where Apache Seata is running.

Remediation

Users should upgrade to Apache Seata version 2.3.0 or later, where this vulnerability has been fixed.

Added: Jun 28, 2025, 7:17 PM
Updated: Jun 28, 2025, 7:17 PM

Vulnerability Rating

Custom Algorithm
spread: 1.4
impact: 10.0
exploitability: 7.0
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.