Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 8:6 p.m.9 views

CVE-2021-37579

The Dubbo Provider will check the incoming request and the corresponding serialization type of this request meet the configuration set by the server. But there's an exception that the attacker can use to skip the security check when enabled and reaching a deserialization operation with native jav...

9.8CVSS6.9AI score0.06742EPSS
Exploits0References1
Circl
Circl
added 2021/09/18 1:45 p.m.6 views

CVE-2021-37579

creationtimestamp| type| source ---|---|--- 2021-09-18 13:45:14+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/4326 2024-01-28 03:58:49+00:00| seen| https://t.me/arpsyndicate/3194...

9.8CVSS8.7AI score0.06742EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2021/09/10 5:56 p.m.5 views

cn.fossc.polaris.framework:basic-framework-spring-boot-starter (>=3.0.9 <=3.0.33), cn.fossc.polaris.framework:polaris-framework-boot (>=3.0.1 <=3.0.33) +38 more potentially affected by CVE-2021-37579 via org.apache.dubbo:dubbo (>=3.0.0 <=3.0.15)

org.apache.dubbo:dubbo MAVEN version =3.0.0, =3.0.9, =3.0.1, =3.0.1, =3.0.1, =1.2.1, =1.2.2 - com.chinagoods.framework.thinkcloud:think-cloud-starter-business =3.1.7.RELEASE - com.chinagoods.framework.thinkcloud:think-cloud-starter-controller =3.1.7.RELEASE -...

9.8CVSS7.2AI score0.06742EPSS
Exploits0
CVE
CVE
added 2021/09/09 7:45 a.m.85 views

CVE-2021-37579

The CVE-2021-37579 entry concerns Apache Dubbo’s Dubbo Provider deserialization flow. The issue allows an attacker to bypass the configured security check and reach a deserialization operation using native Java serialization when an incoming request and its serialization type aren’t properly vali...

9.8CVSS9.5AI score0.06742EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder