6 matches found
CVE-2022-39198
A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version...
cn.fossc.polaris.framework:basic-framework-spring-boot-starter (>=3.0.9 <=3.0.33), cn.fossc.polaris.framework:polaris-framework-boot (>=3.0.1 <=3.0.33) +29 more potentially affected by CVE-2022-39198 via org.apache.dubbo:dubbo (>=3.0.0 <=3.0.11)
org.apache.dubbo:dubbo MAVEN version =3.0.0, =3.0.9, =3.0.1, =3.0.1, =3.0.1, =1.2.1, =1.2.2 - com.github.shijingsh:common-dubbo =1.6.1 - com.github.shijingsh:common-dubbo-nacos =1.6.1 - com.github.shijingsh:common-web =1.6.1 - com.github.shijingsh:xs-entity =1.6.1 - com.github.shijingsh:xs-job...
cc.jweb:jweb-adai (>=1.0.2 <=1.0.6), cc.jweb:jweb-boot (>=1.0.2 <=1.0.5) +92 more potentially affected by CVE-2022-39198 via org.apache.dubbo:dubbo (>=2.7.0 <=2.7.17)
org.apache.dubbo:dubbo MAVEN version =2.7.0, =1.0.2, =1.0.2, =1.2.1, =1.28.0, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =0.0.1, =2.2.7.RELEASE, =1.0.3, =1.0.3, =1.5.1, =2.0.1, =2.0.11 and more Source cves: CVE-2022-39198 Source advisory: OSV:GHSA-5QWQ-G2HX-R6...
com.alibaba:dubbo-cluster (>=2.6.2 <=2.6.12), com.alibaba:dubbo-common (>=2.6.2 <=2.6.12) +73 more potentially affected by CVE-2022-39198 via com.alibaba:hessian-lite (>=2.6.2 <=3.2.12)
com.alibaba:hessian-lite MAVEN version =2.6.2, =2.6.2, =2.6.2, =2.6.2, =2.6.2, =2.6.2, =2.6.2, =2.6.2, =2.6.2, =2.6.2, =2.6.2, =2.6.2, =2.6.2, =2.6.2, =2.6.2, =2.6.2, =2.6.12 and more Source cves: CVE-2022-39198 Source advisory: OSV:GHSA-5QWQ-G2HX-R6F7...
CVE-2022-39198
The CVE-2022-39198 entry describes a deserialization vulnerability in dubbo hessian-lite prior to 3.2.12, which could allow arbitrary code execution. Affected software/components include dubbo hessian-lite 3.2.12 and earlier, impacting Apache Dubbo 2.7.x up to 2.7.17; 3.0.x up to 3.0.11; and 3.1....
CVE-2022-39198 Apache Dubbo Hession Deserialization Vulnerability Gadgets Bypass
A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version...