Lucene search
+L

9 matches found

redhatcve
redhatcve
added 2025/05/22 5:24 p.m.4 views

CVE-2020-11995

A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protool, during Hessian2 deserializing the HashMap object, some functions in the classes stored...

9.8CVSS9.6AI score0.05839EPSS
Exploits0References1
osv
osv
added 2022/02/09 10:27 p.m.18 views

GHSA-74MG-6XQX-2VRQ Deserialization exploitation in Apache Dubbo

A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protool, during Hessian2 deserializing the HashMap object, some functions in the classes stored...

9.8CVSS9.7AI score0.05839EPSS
Exploits0References3
github
github
added 2022/02/09 10:27 p.m.67 views

Deserialization exploitation in Apache Dubbo

A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protool, during Hessian2 deserializing the HashMap object, some functions in the classes stored...

9.8CVSS4AI score0.05839EPSS
Exploits0References4Affected Software1
cnvd
cnvd
added 2022/01/14 12:0 a.m.43 views

Apache Dubbo Deserialization Vulnerability (CNVD-2022-05106)

Apache Dubbo is a lightweight Java-based RPC remote procedure call framework from the Apache Foundation in the United States. The product provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery. Apache Dubbo in version 3.2.11 a...

9.8CVSS2.7AI score0.15313EPSS
Exploits1References1
cnnvd
cnnvd
added 2022/01/10 12:0 a.m.9 views

Apache Dubbo 代码问题漏洞

Apache Dubbo is a lightweight Java-based RPC remote procedure call framework from the Apache Foundation in the United States. The product provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery. Apache Dubbo in version 3.2.11 a...

9.8CVSS6.5AI score0.15313EPSS
Exploits1References2
nvd
nvd
added 2021/01/11 10:15 a.m.25 views

CVE-2020-11995

A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protool, during Hessian2 deserializing the HashMap object, some functions in the classes stored...

9.8CVSS9.7AI score0.05839EPSS
Exploits0References1
osv
osv
added 2021/01/11 10:15 a.m.17 views

CVE-2020-11995

A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protool, during Hessian2 deserializing the HashMap object, some functions in the classes stored...

9.8CVSS7.6AI score
Exploits0References1
prion
prion
added 2021/01/11 10:15 a.m.17 views

Deserialization of untrusted data

A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protool, during Hessian2 deserializing the HashMap object, some functions in the classes stored...

7.5CVSS9.6AI score0.05839EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2021/01/11 9:40 a.m.31 views

CVE-2020-11995 Apache Dubbo default deserialization protocol Hessian2 cause CRE

A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protool, during Hessian2 deserializing the HashMap object, some functions in the classes stored...

9.7AI score0.05839EPSS
Exploits0References1
Rows per page
Query Builder