cnvd | China National Vulnerability Database | CNVD-2023-25935
History: Jan 06, 2023 - 12:00 a.m.

Apache Dubbo code issue vulnerability (CNVD-2023-25935)

2023-01-06 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
apache dubbo
java-based rpc
remote procedure call
vulnerability
code issue
pre-authorized
remote code execution
telnet handlers
arbitrary bean operations
exploitation
cnvd-2023-25935

EPSS

0.003

Percentile

67.9%

Apache Dubbo is a lightweight Java-based RPC (remote procedure call) framework from the Apache Foundation. The product provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery.

Apache Dubbo has a code issue vulnerability: arbitrary bean operations in its Telnet handlers expose it to pre-authorized remote code execution attacks, which attackers can exploit to achieve remote code execution.
