gongzhenbin opened a new issue, #7598: URL: https://github.com/apache/incubator-seata/issues/7598
### Check Ahead

- [x] I have searched the [issues](https://github.com/seata/seata/issues) of this repository and believe that this is not a duplicate.
- [ ] I am willing to try to implement this feature myself.

### Why you need it?

I wanted to bring to your attention a security vulnerability I've identified in Seata 2.5.0, specifically related to its interaction with Spring. As we know, Spring framework has had its share of security issues in the past, and it seems that Seata 2.5.0 might be exposing itself to some of those risks.

Due to a potential processing flow flaw in the Spring integration within Seata 2.5.0, there's a risk that attackers could remotely write backdoor files and modify configurations. This could then lead to unauthorized access and control over the target host. Applications using Spring or its derivative frameworks in combination with Seata 2.5.0, especially those running on JDK 9 and above, are particularly vulnerable.

Given the importance of security in distributed transaction management, I believe it's crucial to address this issue as soon as possible. It would be great if the Seata development team could look into patching this vulnerability. Maybe a security audit of the Spring-related components in Seata could be a good starting point.

Thank you for your time and for maintaining such a great open-source project. I look forward to seeing this resolved.

Best regards

### How it could be?

_No response_

### Other related information

_No response_

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at: [email protected]
