{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-46983", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-09-16T16:10:09.018Z", "datePublished": "2024-09-19T22:47:14.438Z", "dateUpdated": "2024-09-20T14:02:54.306Z"}, "containers": {"cna": {"title": "Remote Command Execution(RCE) Vulnerbility in sofa-hessian", "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "lang": "en", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/sofastack/sofa-hessian/security/advisories/GHSA-c459-2m73-67hj", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/sofastack/sofa-hessian/security/advisories/GHSA-c459-2m73-67hj"}], "affected": [{"vendor": "sofastack", "product": "sofa-hessian", "versions": [{"version": "< 3.5.5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-19T22:47:14.438Z"}, "descriptions": [{"lang": "en", "value": "sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But there is a gadget chain that can bypass the SOFA Hessian blacklist protection mechanism, and this gadget chain only relies on JDK and does not rely on any third-party components. This issue is fixed by an update to the blacklist, users can upgrade to sofahessian version 3.5.5 to avoid this issue. Users unable to upgrade may maintain a blacklist themselves in the directory `external/serialize.blacklist`."}], "source": {"advisory": "GHSA-c459-2m73-67hj", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "antfin", "product": "sofa-hessian", "cpes": ["cpe:2.3:a:antfin:sofa-hessian:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.5.5", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-20T13:55:42.972642Z", "id": "CVE-2024-46983", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-20T14:02:54.306Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-46983", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-20T13:55:42.972642Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:antfin:sofa-hessian:*:*:*:*:*:*:*:*"], "vendor": "antfin", "product": "sofa-hessian", "versions": [{"status": "affected", "version": "0", "lessThan": "3.5.5", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-20T14:02:48.733Z"}}], "cna": {"title": "Remote Command Execution(RCE) Vulnerbility in sofa-hessian", "source": {"advisory": "GHSA-c459-2m73-67hj", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "sofastack", "product": "sofa-hessian", "versions": [{"status": "affected", "version": "< 3.5.5"}]}], "references": [{"url": "https://github.com/sofastack/sofa-hessian/security/advisories/GHSA-c459-2m73-67hj", "name": "https://github.com/sofastack/sofa-hessian/security/advisories/GHSA-c459-2m73-67hj", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But there is a gadget chain that can bypass the SOFA Hessian blacklist protection mechanism, and this gadget chain only relies on JDK and does not rely on any third-party components. This issue is fixed by an update to the blacklist, users can upgrade to sofahessian version 3.5.5 to avoid this issue. Users unable to upgrade may maintain a blacklist themselves in the directory `external/serialize.blacklist`."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-19T22:47:14.438Z"}}}, "cveMetadata": {"cveId": "CVE-2024-46983", "state": "PUBLISHED", "dateUpdated": "2024-09-20T14:02:54.306Z", "dateReserved": "2024-09-16T16:10:09.018Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-09-19T22:47:14.438Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:antfin:sofa-hessian:*:*:*:*:*:*:*:*", "matchCriteriaId": "40BEC4BD-1D1B-4904-9DF2-4F7E9EFD3A05", "versionEndExcluding": "3.5.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But there is a gadget chain that can bypass the SOFA Hessian blacklist protection mechanism, and this gadget chain only relies on JDK and does not rely on any third-party components. This issue is fixed by an update to the blacklist, users can upgrade to sofahessian version 3.5.5 to avoid this issue. Users unable to upgrade may maintain a blacklist themselves in the directory `external/serialize.blacklist`."}, {"lang": "es", "value": "sofa-hessian es una versi\u00f3n interna mejorada de Hessian3/4 desarrollada por Ant Group CO., Ltd. El protocolo SOFA Hessian utiliza un mecanismo de lista negra para restringir la deserializaci\u00f3n de clases potencialmente peligrosas para la protecci\u00f3n de la seguridad. Pero hay una cadena de gadgets que puede eludir el mecanismo de protecci\u00f3n de lista negra de SOFA Hessian, y esta cadena de gadgets solo se basa en JDK y no depende de ning\u00fan componente de terceros. Este problema se soluciona con una actualizaci\u00f3n de la lista negra; los usuarios pueden actualizar a la versi\u00f3n 3.5.5 de sofahessian para evitar este problema. Los usuarios que no puedan actualizar pueden mantener una lista negra ellos mismos en el directorio `external/serialize.blacklist`."}], "id": "CVE-2024-46983", "lastModified": "2024-09-25T17:46:48.927", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-09-19T23:15:11.920", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/sofastack/sofa-hessian/security/advisories/GHSA-c459-2m73-67hj"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-74"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{}