2 matches found
CVE-2021-32824
Apache Dubbo (Java RPC framework) versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via the Telnet handler. An unprotected Telnet endpoint allows arbitrary bean inspection and shutdown, while the invoke handler processes arguments with FastJson then realises the...
CVE-2022-24969
Apache Dubbo prior to versions 2.6.12 and 2.7.15 has a vulnerability where the parseURL method bypasses the white host check. The issue can enable open redirection or server-side request forgery (SSRF) as described in CVE-2022-24969 and related advisories. Affected component: parseURL handling in...