Lucene search
+L

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:6 p.m.7 views

CVE-2022-39198

A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version...

9.8CVSS7.2AI score0.02351EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2022/10/19 12:0 p.m.4 views

cn.fossc.polaris.framework:basic-framework-spring-boot-starter (>=3.0.9 <=3.0.33), cn.fossc.polaris.framework:polaris-framework-boot (>=3.0.1 <=3.0.33) +29 more potentially affected by CVE-2022-39198 via org.apache.dubbo:dubbo (>=3.0.0 <=3.0.11)

org.apache.dubbo:dubbo MAVEN version =3.0.0, =3.0.9, =3.0.1, =3.0.1, =3.0.1, =1.2.1, =1.2.2 - com.github.shijingsh:common-dubbo =1.6.1 - com.github.shijingsh:common-dubbo-nacos =1.6.1 - com.github.shijingsh:common-web =1.6.1 - com.github.shijingsh:xs-entity =1.6.1 - com.github.shijingsh:xs-job...

9.8CVSS7.2AI score0.02351EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/10/19 12:0 p.m.5 views

cc.jweb:jweb-adai (>=1.0.2 <=1.0.6), cc.jweb:jweb-boot (>=1.0.2 <=1.0.5) +92 more potentially affected by CVE-2022-39198 via org.apache.dubbo:dubbo (>=2.7.0 <=2.7.17)

org.apache.dubbo:dubbo MAVEN version =2.7.0, =1.0.2, =1.0.2, =1.2.1, =1.28.0, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =0.0.1, =2.2.7.RELEASE, =1.0.3, =1.0.3, =1.5.1, =2.0.1, =2.0.11 and more Source cves: CVE-2022-39198 Source advisory: OSV:GHSA-5QWQ-G2HX-R6...

9.8CVSS7.7AI score0.02351EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/10/19 12:0 p.m.4 views

com.alibaba:dubbo-cluster (>=2.6.2 <=2.6.12), com.alibaba:dubbo-common (>=2.6.2 <=2.6.12) +73 more potentially affected by CVE-2022-39198 via com.alibaba:hessian-lite (>=2.6.2 <=3.2.12)

com.alibaba:hessian-lite MAVEN version =2.6.2, =2.6.2, =2.6.2, =2.6.2, =2.6.2, =2.6.2, =2.6.2, =2.6.2, =2.6.2, =2.6.2, =2.6.2, =2.6.2, =2.6.2, =2.6.2, =2.6.2, =2.6.2, =2.6.12 and more Source cves: CVE-2022-39198 Source advisory: OSV:GHSA-5QWQ-G2HX-R6F7...

9.8CVSS7.2AI score0.02351EPSS
Exploits0
CVE
CVE
added 2022/10/18 12:0 a.m.83 views

CVE-2022-39198

The CVE-2022-39198 entry describes a deserialization vulnerability in dubbo hessian-lite prior to 3.2.12, which could allow arbitrary code execution. Affected software/components include dubbo hessian-lite 3.2.12 and earlier, impacting Apache Dubbo 2.7.x up to 2.7.17; 3.0.x up to 3.0.11; and 3.1....

9.8CVSS9.6AI score0.02351EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/10/18 12:0 a.m.8 views

CVE-2022-39198 Apache Dubbo Hession Deserialization Vulnerability Gadgets Bypass

A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version...

7.6AI score0.02351EPSS
Exploits0References1
Rows per page
Query Builder