Remote Code Execution (RCE)

🗓️ 09 Mar 2023 12:49:43Reported by Veracode Vulnerability DatabaseType

org.apache.dubbo:dubbo-common RCE vulnerability due to unvalidated user inpu

Reporter	Title	Published	Views	Family All 20
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Dubbo	11 Jul 202507:47	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Dubbo	22 Mar 202311:23	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Dubbo	22 Mar 202311:23	–	githubexploit
BDU FSTEC	The vulnerability of the Apache Dubbo RPC framework, related to deficiencies in the deserialization mechanism, allows attackers to execute arbitrary code.	13 Jun 202300:00	–	bdu_fstec
Circl	CVE-2023-23638	8 Mar 202314:23	–	circl
CNNVD	Apache Dubbo 代码问题漏洞	8 Mar 202300:00	–	cnnvd
CNVD	Apache Dubbo code issue vulnerability (CNVD-2023-23551)	11 Mar 202300:00	–	cnvd
CVE	CVE-2023-23638	8 Mar 202310:48	–	cve
Cvelist	CVE-2023-23638 Apache Dubbo Deserialization Vulnerability Gadgets Bypass	8 Mar 202310:48	–	cvelist
Github Security Blog	Apache Dubbo vulnerable to Deserialization of Untrusted Data	8 Mar 202312:30	–	github

Vulners

Node

apache dubbo-commonRange2.7.0–2.7.21java

apache dubbo-commonRange3.0.0.preview–3.0.13java

apache dubbo-commonRange3.1.0–3.1.5java

Source	Link
lists	www.lists.apache.org/thread/8h6zscfzj482z512d2v5ft63hdhzm0cb
github	www.github.com/apache/dubbo/commit/4f664f0a3d338673f4b554230345b89c580bccbb
github	www.github.com/apache/dubbo/pull/11430
github	www.github.com/apache/dubbo/pull/11431
github	www.github.com/apache/dubbo/commit/ce3b0e285a463b566a9d685049201bfaf526c8ac
github	www.github.com/apache/dubbo/pull/11419
github	www.github.com/apache/dubbo/commit/c71a05a58c9db46638417cc6ecee32be5508d92c
github	www.github.com/advisories/GHSA-933g-v89r-x8pf

07 Nov 2023 21:26Current

9.4High risk

Vulners AI Score9.4

CVSS 3.15 - 9.8

EPSS0.04847

SSVC