Browse all 3 CVE security advisories affecting sofastack. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Sofastack is an open-source enterprise middleware platform providing distributed application solutions with core use cases in microservices governance and cloud-native development. Historically, common vulnerabilities include remote code execution, cross-site scripting, and privilege escalation, often stemming from misconfigurations and input validation flaws. The platform has faced security incidents, including a 2021 RCE vulnerability (CVE-2021-42392) affecting multiple components, and persistent issues with authentication bypass in its service mesh implementations. With three CVEs on record, security remains a concern, particularly around default configurations and third-party component dependencies.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-46983 | Remote Command Execution(RCE) Vulnerbility in sofa-hessian — sofa-hessianCWE-74 | 9.8 | Critical | 2024-09-19 |
| CVE-2024-23636 | SOFARPC Remote Command Execution(RCE) Vulnerbility — sofa-rpcCWE-502 | 9.8 | Critical | 2024-01-23 |
| CVE-2023-41331 | SOFARPC Remote Command Execution (RCE) Vulnerability — sofa-rpcCWE-917 | 9.8 | Critical | 2023-09-12 |
This page lists every published CVE security advisory associated with sofastack. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.