2 matches found
Remote Code Execution (RCE)
dubbo-cluster is vulnerable to remote code execution. The vulnerability exists in the doInvoke function of BroadcastClusterInvoker.java as it does not properly handle FastJson when invoking the invoke handler and later processes in PojoUtils.realize, allowing an attacker to instantiate arbitrary...
Apache Dubbo vulnerable to remote code execution via Telnet Handler
Apache Dubbo is a Java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-authorization remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic...