8 matches found
EUVD-2022-6051
Malicious code in bioql PyPI...
CVE-2021-25640
In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability...
cc.jweb:jweb-adai (>=1.0.2 <=1.0.6), cc.jweb:jweb-boot (>=1.0.2 <=1.0.5) +74 more potentially affected by CVE-2021-25640 +1 more via org.apache.dubbo:dubbo (>=2.7.0 <=2.7.14)
org.apache.dubbo:dubbo MAVEN version =2.7.0, =1.0.2, =1.0.2, =1.2.1, =1.28.0, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =0.0.1, =1.0.3, =1.0.3, =1.5.1, =2.0.1, =2.0.11 and more Source cves: CVE-2021-25640, CVE-2022-24969 Source advisory:...
Server-side request forgery in Apache Dubbo
bypass CVE-2021-25640 In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the allowed host check which can cause open redirect or SSRF vulnerability...
Server side request forgery (ssrf)
bypass CVE-2021-25640 In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability...
CVE-2022-24969 bypass of CVE-2021-25640
bypass CVE-2021-25640 In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability...
CVE-2021-25640
CVE-2021-25640 affects Apache Dubbo prior to versions 2.6.12 and 2.7.15, where the parseURL method can bypass white-host checks, enabling open redirect or SSRF. Impacted components and exact root cause are described across multiple sources; exploitation status is not detailed here. Remediation is...
CVE-2021-25640 Open Redirect or SSRF vulnerability usage of parseURL
In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability...