Lucene search
K

5 matches found

NVD
NVD
added 2021/09/09 8:15 a.m.27 views

CVE-2021-37579

The Dubbo Provider will check the incoming request and the corresponding serialization type of this request meet the configuration set by the server. But there's an exception that the attacker can use to skip the security check when enabled and reaching a deserialization operation with native jav...

9.8CVSS0.06742EPSS
Exploits0References1
OSV
OSV
added 2021/09/09 8:15 a.m.30 views

CVE-2021-37579

The Dubbo Provider will check the incoming request and the corresponding serialization type of this request meet the configuration set by the server. But there's an exception that the attacker can use to skip the security check when enabled and reaching a deserialization operation with native jav...

9.8CVSS9.5AI score
Exploits0References1
OSV
OSV
added 2021/09/09 8:15 a.m.14 views

CVE-2021-36161

Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13...

9.8CVSS9.4AI score
Exploits0References1
Prion
Prion
added 2021/09/09 8:15 a.m.15 views

Format string

Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13...

7.5CVSS9.4AI score0.02467EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/09/09 7:45 a.m.31 views

CVE-2021-36161 Unprotected input value toString cause RCE

Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13...

9.7AI score0.02467EPSS
Exploits0References1
Rows per page
Query Builder