com.alipay.sofa:hessian
Maven2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting com.alipay.sofa:hessian
- CVE-2019-9212 | CRITICAL | CVSS 9.8 | ✓ Fixed in 3.3.6 | 2019-02-27
vulnerable: 3.3.0 ... 3.3.5 (6 versions)
SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, r…
- CVE-2024-46983 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 3.5.5 | 2024-09-19
vulnerable: 3.3.0 ... 3.5.4 (21 versions)
sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But there …