Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.seata/seata-config-core@2.3.0
Type maven
Namespace org.apache.seata
Name seata-config-core
Version 2.3.0
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-t49m-8npg-q3ah
vulnerability_id VCID-t49m-8npg-q3ah
summary
Apache Seata Vulnerable to Deserialization of Untrusted Data
Deserialization of Untrusted Data vulnerability in Apache Seata (incubating).

This security vulnerability is the same as CVE-2024-47552, but the version range described in the CVE-2024-47552 definition is too narrow.
This issue affects Apache Seata (incubating): from 2.0.0 before 2.3.0.

The Apache Seata security team assesses the severity of this vulnerability as "Low" due to stringent real-world mitigating factors. First, the vulnerability is strictly isolated to the Raft cluster mode, an optional and non-default feature introduced in v2.0.0, while most users rely on the unaffected traditional architecture. Second, Seata is an internal middleware; communication between TC and RM/TM occurs entirely within trusted internal networks. An attacker would require prior, unauthorized access to the Intranet to exploit this, making external exploitation highly improbable.

Users are recommended to upgrade to version 2.3.0, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-32897
reference_id
reference_type
scores
0
value 0.00523
scoring_system epss
scoring_elements 0.67309
published_at 2026-06-06T12:55:00Z
1
value 0.00523
scoring_system epss
scoring_elements 0.67279
published_at 2026-06-08T12:55:00Z
2
value 0.00523
scoring_system epss
scoring_elements 0.67296
published_at 2026-06-07T12:55:00Z
3
value 0.00523
scoring_system epss
scoring_elements 0.67302
published_at 2026-06-05T12:55:00Z
4
value 0.00523
scoring_system epss
scoring_elements 0.67295
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-32897
1
reference_url https://github.com/apache/incubator-seata
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/incubator-seata
2
reference_url https://github.com/apache/incubator-seata/commit/20cd9625d23f99b71fefc83b8db96c14092a9950
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-30T14:55:17Z/
url https://github.com/apache/incubator-seata/commit/20cd9625d23f99b71fefc83b8db96c14092a9950
3
reference_url https://lists.apache.org/thread/9fhtf7yvpjpzlwd1m0wfgg6tp2btxpy1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-30T14:55:17Z/
url https://lists.apache.org/thread/9fhtf7yvpjpzlwd1m0wfgg6tp2btxpy1
4
reference_url https://www.cve.org/CVERecord?id=CVE-2024-47552
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-30T14:55:17Z/
url https://www.cve.org/CVERecord?id=CVE-2024-47552
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-32897
reference_id CVE-2025-32897
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-32897
6
reference_url https://github.com/advisories/GHSA-m964-fjrh-xxq2
reference_id GHSA-m964-fjrh-xxq2
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m964-fjrh-xxq2
fixed_packages
0
url pkg:maven/org.apache.seata/seata-config-core@2.3.0
purl pkg:maven/org.apache.seata/seata-config-core@2.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.seata/seata-config-core@2.3.0
aliases CVE-2025-32897, GHSA-m964-fjrh-xxq2
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t49m-8npg-q3ah
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.seata/seata-config-core@2.3.0