Dubbo@* Security Vulnerabilities and Issues — Dubbo@* CVE List

Lucene search

ApacheDubbo*

3 matches found

CVE•added 2022/01/10 4:15 p.m.•89 views

CVE-2021-43297

A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protocol, during Hessian catch unexpected exceptions, Hessian will log out some imf...

9.8CVSS9.7AI score0.4919EPSS

CVE•added 2022/06/09 4:15 p.m.•68 views

CVE-2022-24969

bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.

6.1CVSS6.1AI score0.02268EPSS

CVE•added 2022/10/18 7:15 p.m.•65 views

CVE-2022-39198

A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version 3.1....

9.8CVSS9.6AI score0.0749EPSS