Apache Dubbo is a lightweight Java-based RPC (remote procedure call) framework from the Apache Foundation. It provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery.

A code issue vulnerability exists in Apache Dubbo. The Dubbo Provider checks whether the serialization type of an incoming request matches the configuration set by the server. An attacker could use an exception to this check to skip the security check (when enabled) and trigger deserialization operations using native Java serialization.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | Apache Dubbo >=2.7.0 | lt | 2.7.13 |
| | Apache Dubbo >=3.0.0 | lt | 3.0.2 |
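
To check a build against the affected ranges in the table, the following added example (not part of the original advisory) scans a Maven POM for Dubbo dependencies and flags affected versions. It assumes every `org.apache.dubbo` artifact carries the framework version; the sample POM is constructed.

```python
import re
import xml.etree.ElementTree as ET

# Affected ranges from the table above, as [lower, upper) per release line.
AFFECTED = [((2, 7, 0), (2, 7, 13)), ((3, 0, 0), (3, 0, 2))]

# Constructed sample input, not taken from any real project.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><dependencies>
 <dependency><groupId>org.apache.dubbo</groupId><artifactId>dubbo</artifactId><version>2.7.12</version></dependency>
 <dependency><groupId>org.apache.dubbo</groupId><artifactId>dubbo-spring-boot-starter</artifactId><version>3.0.2</version></dependency>
 <dependency><groupId>org.apache.dubbo</groupId><artifactId>dubbo</artifactId><version>${dubbo.version}</version></dependency>
 <dependency><groupId>com.example</groupId><artifactId>unrelated</artifactId><version>2.7.1</version></dependency>
</dependencies></project>"""

def parse_version(text):
    """Return (major, minor, patch) from the numeric prefix, or None.
    Qualifiers such as -SNAPSHOT are ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def is_affected(version_text):
    """True or False for a concrete version; None when it cannot be parsed
    (for example an unresolved ${property}) and needs manual review."""
    v = parse_version(version_text)
    if v is None:
        return None
    return any(lo <= v < hi for lo, hi in AFFECTED)

def local(tag):
    """Strip the XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]

def scan_pom(pom_xml):
    """Return (artifactId, version, verdict) for each org.apache.dubbo dependency."""
    results = []
    for dep in ET.fromstring(pom_xml).iter():
        if local(dep.tag) != "dependency":
            continue
        fields = {local(c.tag): (c.text or "").strip() for c in dep}
        if fields.get("groupId") != "org.apache.dubbo":
            continue
        version = fields.get("version", "")
        results.append((fields.get("artifactId"), version, is_affected(version)))
    return results

if __name__ == "__main__":
    for artifact, version, verdict in scan_pom(SAMPLE_POM):
        print(artifact, version, {True: "AFFECTED", False: "ok", None: "unresolved"}[verdict])
```

A verdict of `None` means the version is set through a property or parent POM and has to be resolved (for instance from the effective POM) before the dependency can be cleared.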