GHSA-Q897-9JXF-JG9R Security check skip in Apache Dubbo

The Dubbo Provider will check the incoming request and the corresponding serialization type of this request meet the configuration set by the server. But there's an exception that the attacker can use to skip the security check when enabled and reaching a deserialization operation with native jav...

CVE-2021-37579

The Dubbo Provider will check the incoming request and the corresponding serialization type of this request meet the configuration set by the server. But there's an exception that the attacker can use to skip the security check when enabled and reaching a deserialization operation with native jav...

Deserialization of untrusted data

The Dubbo Provider will check the incoming request and the corresponding serialization type of this request meet the configuration set by the server. But there's an exception that the attacker can use to skip the security check when enabled and reaching a deserialization operation with native jav...

CVE-2021-37579

The CVE-2021-37579 entry concerns Apache Dubbo’s Dubbo Provider deserialization flow. The issue allows an attacker to bypass the configured security check and reach a deserialization operation using native Java serialization when an incoming request and its serialization type aren’t properly vali...

Apache Dubbo 代码问题漏洞

Apache Dubbo is the United States Apache Apache Foundation of a lightweight Java-based RPC Remote Procedure Call framework. The product provides interface-based remote calling , fault tolerance and load balancing and automatic service registration and discovery. A code issue vulnerability exists ...