CVE-2023-23638

🗓️ 08 Mar 2023 10:48:58Reported by apacheType

A deserialization vulnerability in Apache Dubbo allows for malicious code execution

Reporter	Title	Published	Views	Family All 19
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Dubbo	11 Jul 202507:47	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Dubbo	22 Mar 202311:23	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Dubbo	22 Mar 202311:23	–	githubexploit
Circl	CVE-2023-23638	8 Mar 202314:23	–	circl
CNNVD	Apache Dubbo 代码问题漏洞	8 Mar 202300:00	–	cnnvd
CNVD	Apache Dubbo code issue vulnerability (CNVD-2023-23551)	11 Mar 202300:00	–	cnvd
Cvelist	CVE-2023-23638 Apache Dubbo Deserialization Vulnerability Gadgets Bypass	8 Mar 202310:48	–	cvelist
Github Security Blog	Apache Dubbo vulnerable to Deserialization of Untrusted Data	8 Mar 202312:30	–	github
Hive Pro Threat Advisories	A Deserialization Vulnerability Found in Apache Dubbo	23 Mar 202308:02	–	hivepro
NVD	CVE-2023-23638	8 Mar 202311:15	–	nvd

NVD

Vulners

Node

apache dubboRange2.7.0–2.7.21

apache dubboRange3.0.0–3.0.13

apache dubboRange3.1.0–3.1.5

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Dubbo",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "2.7.21",
        "status": "affected",
        "version": "Apache Dubbo 2.7.x",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "3.0.13",
        "status": "affected",
        "version": "Apache Dubbo 3.0.x",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "3.1.5",
        "status": "affected",
        "version": "Apache Dubbo 3.1.x",
        "versionType": "maven"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread/8h6zscfzj482z512d2v5ft63hdhzm0cb

21 Nov 2024 07:46Current

7.3High risk

Vulners AI Score7.3

CVSS 3.15 - 9.8

EPSS0.50291

SSVC

CWE-502