18 matches found
Remote Code Execution (RCE)
org.apache.dubbo:dubbo is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insecure deserialization handling in hessian-lite during exception logging, which allows an attacker to execute malicious code through crafted serialized data...
EUVD-2022-7031
Malicious code in bioql PyPI...
CVE-2022-39198
A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version...
CVE-2021-43297
A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protocol; when Hessian catches unexpected exceptions, Hessian will log out some...
GHSA-5QWQ-G2HX-R6F7 Hessian Lite for Apache Dubbo deserialization vulnerability
A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version...
com.alibaba:dubbo-cluster (>=2.6.2 <=2.6.12), com.alibaba:dubbo-common (>=2.6.2 <=2.6.12) +73 more potentially affected by CVE-2022-39198 via com.alibaba:hessian-lite (>=2.6.2 <=3.2.12)
com.alibaba:hessian-lite (Maven), versions =2.6.2, =2.6.12 and more. Source CVEs: CVE-2022-39198. Source advisory: OSV:GHSA-5QWQ-G2HX-R6F7...
Hessian Lite for Apache Dubbo deserialization vulnerability
A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version...
Deserialization of Untrusted Data
A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version...
CVE-2022-39198
A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version...
PT-2022-24799 · Apache · Apache Dubbo +1
Name of the Vulnerable Software and Affected Versions: Apache Dubbo versions 2.7.17 and prior; Apache Dubbo versions 3.0.11 and prior; Apache Dubbo versions 3.1.0 and prior; dubbo hessian-lite versions 3.2.12 and earlier. Description: A deserialization vulnerability existed in dubbo hessian-lite, whi...
CVE-2022-39198
The CVE-2022-39198 entry describes a deserialization vulnerability in dubbo hessian-lite prior to 3.2.12, which could allow arbitrary code execution. Affected software/components include dubbo hessian-lite 3.2.12 and earlier, impacting Apache Dubbo 2.7.x up to 2.7.17; 3.0.x up to 3.0.11; and 3.1....
Exploit for Deserialization of Untrusted Data in Apache Dubbo
CVE-2021-43297 Vulnerability Description There is a poten...
Deserialization of Untrusted Data in Dubbo
A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protocol; when Hessian catches unexpected exceptions, Hessian will log out some...
GHSA-VP5X-3V8R-QPRW Deserialization of Untrusted Data in Dubbo
A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protocol; when Hessian catches unexpected exceptions, Hessian will log out some...
CVE-2021-43297
A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protocol; when Hessian catches unexpected exceptions, Hessian will log out some...
CVE-2021-43297
A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protocol; when Hessian catches unexpected exceptions, Hessian will log out some...
Deserialization of untrusted data
A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protocol; when Hessian catches unexpected exceptions, Hessian will log out some...
CVE-2021-43297
CVE-2021-43297 describes a deserialization vulnerability in dubbo Hessian-Lite 3.2.11 and earlier that could enable remote code execution when Hessian mishandles deserialization. Affected are Apache Dubbo versions: 2.6.x before 2.6.12, 2.7.x before 2.7.15, and 3.0.x before 3.0.5. The root cause i...