Apache has released security updates to address a critical vulnerability (CVE-2024-22399) affecting their Apache Seata product. This vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.
Successful exploitation of the deserialisation of untrusted data vulnerability could allow an attacker to perform remote code execution by sending specially crafted bytecode to the Seata server.
The vulnerability affects the following product versions:
• Apache Seata version 1.0.0 to 1.8.0
• Apache Seata version 2.0.0
Users and administrators of affected product versions are advised to update to the latest versions immediately.
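To find affected deployments before updating, the version ranges listed above can be checked against a dependency inventory. The following is an added example, not part of the original advisory or of Apache Seata: the function names, the inventory line formats (jar file names and Maven coordinates) and the sample lines are assumptions, and treating pre-release builds outside the listed ranges as "review" is this example's own choice.

```python
import re

# Affected release ranges exactly as listed in the advisory (inclusive bounds).
AFFECTED = [((1, 0, 0), (1, 8, 0)), ((2, 0, 0), (2, 0, 0))]

# Assumed inventory formats: jar file names (seata-server-1.7.1.jar) and
# Maven coordinates (io.seata:seata-all:jar:2.0.0:compile).
SEATA_RE = re.compile(
    r"(seata(?:-[a-z][a-z0-9]*)*)(?:-|:jar:|:)(\d+)\.(\d+)\.(\d+)(?:-([A-Za-z0-9]+))?"
)

def classify(line):
    """Return (artifact, version, status) for a Seata entry, else None."""
    m = SEATA_RE.search(line)
    if not m:
        return None
    artifact, qualifier = m.group(1), m.group(5)
    version = tuple(int(m.group(i)) for i in (2, 3, 4))
    text = ".".join(map(str, version)) + (f"-{qualifier}" if qualifier else "")
    if any(lo <= version <= hi for lo, hi in AFFECTED):
        status = "affected"    # numeric version falls inside a listed range
    elif qualifier:
        status = "review"      # pre-release build, not covered by the listed ranges
    else:
        status = "not listed"  # release version outside the advisory's ranges
    return artifact, text, status

def scan(lines):
    """Classify every Seata entry in an inventory, skipping unrelated lines."""
    return [r for r in map(classify, lines) if r is not None]

# Constructed sample inventory (not taken from any real system).
SAMPLE_INVENTORY = [
    "/opt/app/lib/seata-server-1.7.1.jar",
    "/opt/app/lib/seata-spring-boot-starter-1.8.0.jar",
    "io.seata:seata-all:jar:2.0.0:compile",
    "/opt/app/lib/seata-server-1.8.1.jar",
    "/opt/app/lib/seata-all-2.0.1-SNAPSHOT.jar",
    "/opt/app/lib/spring-core-5.3.30.jar",
]

if __name__ == "__main__":
    for artifact, version, status in scan(SAMPLE_INVENTORY):
        print(f"{status:<10} {artifact} {version}")
```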
More information is available here: