Lucene search
K

Exploit for Deserialization of Untrusted Data in Apache Dubbo

🗓️ 17 Jan 2022 12:26:18Reported by bitterzzZZType 
githubexploit
 githubexploit
🔗 github.com👁 751 Views

Exploit for Deserialization of Untrusted Data in Apache Dubbo. Dubbo Hessian-Lite 3.2.11 and earlier allows potential RCE attack due to serialization exception, potentially triggering malicious customized Bean's toString method

Related
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2021-43297
10 Jan 202216:15
attackerkb
Circl
CVE-2021-43297
14 Jan 202207:16
circl
CNNVD
Apache Dubbo 代码问题漏洞
10 Jan 202200:00
cnnvd
CNVD
Apache Dubbo Deserialization Vulnerability (CNVD-2022-05106)
14 Jan 202200:00
cnvd
CVE
CVE-2021-43297
10 Jan 202215:25
cve
Cvelist
CVE-2021-43297 Dubbo Hessian cause RCE when parse error
10 Jan 202215:25
cvelist
Github Security Blog
Deserialization of Untrusted Data in Dubbo
12 Jan 202222:51
github
NVD
CVE-2021-43297
10 Jan 202216:15
nvd
OSV
GHSA-VP5X-3V8R-QPRW Deserialization of Untrusted Data in Dubbo
12 Jan 202222:51
osv
Prion
Deserialization of untrusted data
10 Jan 202216:15
prion
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

11 Dec 2023 06:17Current
7.2High risk
Vulners AI Score7.2
CVSS 27.5
CVSS 3.19.8
EPSS0.15313
751