Au5T1N

**Name of the Vulnerable Software and Affected Versions** Apache EventMesh versions prior to 1.11.0 **Description** The issue concerns the deserialization of untrusted data at the eventmesh-meta-raft plugin module in Apache EventMesh, allowing attackers to send controlled messages and execute remote code via the Hessian deserialization RPC protocol. This affects platforms such as Windows, Linux, and Mac OS. **Recommendations** For versions prior to 1.11.0, users can use the code under the master branch in the project repository or update to version 1.11.0 to fix this issue. As a temporary workaround, consider restricting access to the vulnerable `eventmesh-meta-raft` plugin module until a patch is available.