Lucene search

CVE-2023-23638

🗓️ 08 Mar 2023 11:10:15Reported by apacheType

cve🔗 web.nvd.nist.gov👁 133 Views🌐 WEB

A deserialization vulnerability in Apache Dubbo allows for malicious code execution

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 13
vulnrichment	CVE-2023-23638 Apache Dubbo Deserialization Vulnerability Gadgets Bypass	8 Mar 202310:48	–	vulnrichment
githubexploit	Exploit for Deserialization of Untrusted Data in Apache Dubbo	22 Mar 202311:23	–	githubexploit
githubexploit	Exploit for Deserialization of Untrusted Data in Apache Dubbo	22 Mar 202311:23	–	githubexploit
githubexploit	Exploit for Deserialization of Untrusted Data in Apache Dubbo	11 May 202307:37	–	githubexploit
github	Apache Dubbo vulnerable to Deserialization of Untrusted Data	8 Mar 202312:30	–	github
cvelist	CVE-2023-23638 Apache Dubbo Deserialization Vulnerability Gadgets Bypass	8 Mar 202310:48	–	cvelist
prion	Deserialization of untrusted data	8 Mar 202311:15	–	prion
osv	CVE-2023-23638	8 Mar 202311:15	–	osv
osv	Apache Dubbo vulnerable to Deserialization of Untrusted Data	8 Mar 202312:30	–	osv
veracode	Remote Code Execution (RCE)	9 Mar 202312:49	–	veracode

Nvd

Vulners

Node

apache dubboRange2.7.0–2.7.21

apache dubboRange3.0.0–3.0.13

apache dubboRange3.1.0–3.1.5

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Dubbo",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "2.7.21",
        "status": "affected",
        "version": "Apache Dubbo 2.7.x",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "3.0.13",
        "status": "affected",
        "version": "Apache Dubbo 3.0.x",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "3.1.5",
        "status": "affected",
        "version": "Apache Dubbo 3.1.x",
        "versionType": "maven"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread/8h6zscfzj482z512d2v5ft63hdhzm0cb

Parameter	Position	Path	Description	CWE
TARGET_IP	path	CVE-2023-23638.jar	The tool exploits a deserialization vulnerability in Apache Dubbo for remote command execution.	CWE-502
TARGET_PORT	path	CVE-2023-23638.jar	The tool exploits a deserialization vulnerability in Apache Dubbo for remote command execution.	CWE-502
COMMAND	path	CVE-2023-23638.jar	The tool exploits a deserialization vulnerability in Apache Dubbo for remote command execution.	CWE-502
CHARSET	path	CVE-2023-23638.jar	The tool exploits a deserialization vulnerability in Apache Dubbo for remote command execution.	CWE-502
TARGET_IP	path	CVE-2023-23638.jar	The tool performs a non-intrusive vulnerability check for the deserialization vulnerability in Apache Dubbo.	CWE-502
TARGET_PORT	path	CVE-2023-23638.jar	The tool performs a non-intrusive vulnerability check for the deserialization vulnerability in Apache Dubbo.	CWE-502
FILE_PATH	path	CVE-2023-23638.jar	The tool allows batch detection of the deserialization vulnerability in multiple targets listed in a file.	CWE-502

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

08 Mar 2023 11:15Current

7.3High risk

Vulners AI Score7.3

CVSS35 - 9.8

EPSS0.65155

SSVC

CWE-502