3 matches found
com.addplus9:addplus_action_dubbo (>=0.0.1 <=1.0.0), com.alibaba.csp:sentinel-apache-dubbo-adapter (>=1.5.1 <=1.7.0) +28 more potentially affected by CVE-2021-30179 via org.apache.dubbo:dubbo (>=2.7.0 <=2.7.1)
org.apache.dubbo:dubbo MAVEN version =2.7.0, =0.0.1, =1.5.1, =2.0.1, =0.1.3, =2.4.0, =2.4.0, =2.4.0, =1.0.0, =1.0, =1.2.4, =2.7.0, =1.3.1, =1.3.1, =1.4.4 and more Source cves: CVE-2021-30179 Source advisory: OSV:GHSA-5MC7-M686-P6JG...
CVE-2021-30179
creationtimestamp| type| source ---|---|--- 2021-06-26 13:48:07+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/3699 2021-08-02 20:29:04+00:00| published-proof-of-concept| Telegram/Tvd8QL4SENBdyhrOX8ClGh5gThmxL9slOp2aXg1VdaPgg 2023-12-30 23:05:25+00:00| seen|...
CVE-2021-30179
Apache Dubbo CVE-2021-30179 affects versions prior to 2.6.9 and 2.7.9. The vulnerability arises because GenericFilter allows generic calls to arbitrary methods on provider interfaces, using Java Reflection. The invocation of $invoke/$invokeAsync uses a first argument method name, parameter types,...