Nacos's Raft protocol

Nacos Raft Protocol Deserialization Code Execution Vulnerability

junho 9, 2023

Overview Recently, NSFOCUS CERT found that there was a deserialization vulnerability in Nacos’s Raft protocol. Due to the Nacos cluster’s unrestricted use of Hessian for deserialization when processing some Jraft requests, attackers can execute code. Affected users should take protective measures as soon as possible. Vulnerability Details Vulnerability PoC Vulnerability EXP Utilization in the wilderness […]


Inscreva-se no Blog da NSFOCUS