4 matches found
CVE-2021-37579
The Dubbo Provider will check the incoming request and the corresponding serialization type of this request meet the configuration set by the server. But there's an exception that the attacker can use to skip the security check when enabled and reaching a deserialization operation with native jav...
CVE-2021-37579
creationtimestamp| type| source ---|---|--- 2021-09-18 13:45:14+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/4326 2024-01-28 03:58:49+00:00| seen| https://t.me/arpsyndicate/3194...
cn.fossc.polaris.framework:basic-framework-spring-boot-starter (>=3.0.9 <=3.0.33), cn.fossc.polaris.framework:polaris-framework-boot (>=3.0.1 <=3.0.33) +38 more potentially affected by CVE-2021-37579 via org.apache.dubbo:dubbo (>=3.0.0 <=3.0.15)
org.apache.dubbo:dubbo MAVEN version =3.0.0, =3.0.9, =3.0.1, =3.0.1, =3.0.1, =1.2.1, =1.2.2 - com.chinagoods.framework.thinkcloud:think-cloud-starter-business =3.1.7.RELEASE - com.chinagoods.framework.thinkcloud:think-cloud-starter-controller =3.1.7.RELEASE -...
CVE-2021-37579
The CVE-2021-37579 entry concerns Apache Dubbo’s Dubbo Provider deserialization flow. The issue allows an attacker to bypass the configured security check and reach a deserialization operation using native Java serialization when an incoming request and its serialization type aren’t properly vali...