Sofastack Sofa-rpc
2 CVEs affecting Sofastack Sofa-rpc. Latest disclosed: 2024-01-23. Critical: 2, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-23636 | Critical | 9.8 | 2024-01-23 | SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a black… |
CVE-2023-41331 | Critical | 9.8 | 2023-09-12 | SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully crafted payload, an attacker can achi… |