Lucene search
China National Vulnerability DatabaseCNVD-2023-23551HistoryMar 11, 2023 - 12:00 a.m.
Apache Dubbo code issue vulnerability (CNVD-2023-23551)
2023-03-1100:00:00
China National Vulnerability Database
www.cnvd.org.cn
9
apache dubbo
insecure deserialization
malicious code execution
rpc framework
fault tolerance
load balancing
java-based
cnvd-2023-23551
apache foundation
automatic service registration
0.015 Low
EPSS
Percentile
86.9%
Apache Dubbo is a lightweight Java-based RPC (remote procedure call) framework from the Apache Foundation in the United States. The product provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery.A security vulnerability exists in Apache Dubbo, which stems from insecure deserialization of serialized data received by an application from a user, and could be exploited by an attacker to cause malicious code execution.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache dubbo >=2.7.0, | le | 2.7.21 | |
| apache dubbo >=3.0.0, | le | 3.0.13 | |
| apache dubbo >=3.1.0, | le | 3.1.5 |
Related
prion
prion
Deserialization of untrusted data
2023-03-08 11:15:00
osv
osv
CVE-2023-23638
2023-03-08 11:15:10
Apache Dubbo vulnerable to Deserialization of Untrusted Data
2023-03-08 12:30:16
cvelist
cvelist
CVE-2023-23638 Apache Dubbo Deserialization Vulnerability Gadgets Bypass
2023-03-08 10:48:58
veracode
veracode
Remote Code Execution (RCE)
2023-03-09 12:49:43
cve
cve
CVE-2023-23638
2023-03-08 11:15:10
hivepro
hivepro
A Deserialization Vulnerability Found in Apache Dubbo
2023-03-23 08:02:42
nvd
nvd
CVE-2023-23638
2023-03-08 11:15:10
github
github
Apache Dubbo vulnerable to Deserialization of Untrusted Data
2023-03-08 12:30:16
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Apache Dubbo
2023-03-22 11:23:44
Exploit for Deserialization of Untrusted Data in Apache Dubbo
2023-05-11 07:37:52