3 matches found
CVE-2020-1948
This vulnerability can affect all Dubbo users stay on version 2.7.6 or lower. An attacker can send RPC requests with unrecognized service name or method name along with some malicious parameter payloads. When the malicious parameter is deserialized, it will execute some malicious code. More detai...
cc.akkaha:pea-dubbo_2.12 (>=0.6.0 <=0.7.0), cc.akkaha:pea_2.12 (>=0.6.0 <=0.7.0) +230 more potentially affected by CVE-2020-1948 via org.apache.dubbo:dubbo (>=2.7.0 <=2.7.6)
org.apache.dubbo:dubbo MAVEN version =2.7.0, =0.6.0, =0.6.0, =1.0.2, =1.0.2, =1.2.1, =1.28.0, =1.0.0, =0.1.3, =0.1.0, =1.00, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.1.RELEASE and more Source cves: CVE-2020-1948 Source advisory: OSV:GHSA-WHWW-V56C-CGV2...
CVE-2020-1948
CVE-2020-1948 affects Apache Dubbo before 2.7.8 (and related versions) where deserialization of untrusted data in RPC requests can trigger remote code execution. The vulnerability targets the Dubbo Provider component and allows an attacker to send RPC calls with unrecognized service/method names ...