Dubbo@* Security Vulnerabilities and Issues — Dubbo@* CVE List

Lucene search

ApacheDubbo*

4 matches found

CVE•added 2023/03/08 11:15 a.m.•151 views

CVE-2023-23638

A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions.

9.8CVSS7.3AI score0.65594EPSS

CVE•added 2023/01/03 6:15 p.m.•64 views

CVE-2021-32824

Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic methods to ...

9.8CVSS9.8AI score0.145EPSS

CVE•added 2023/12/15 9:15 a.m.•52 views

CVE-2023-29234

A deserialization vulnerability existed when decode a malicious package.This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Users are recommended to upgrade to the latest version, which fixes the issue.

9.8CVSS9.5AI score0.87624EPSS

CVE•added 2023/12/15 9:15 a.m.•50 views

CVE-2023-46279

Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue.

9.8CVSS9.5AI score0.01117EPSS