Vulnerabilities > Apache > Dubbo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-15 | CVE-2023-29234 | Deserialization of Untrusted Data vulnerability in Apache Dubbo A deserialization vulnerability existed when decode a malicious package.This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Users are recommended to upgrade to the latest version, which fixes the issue. | 9.8 |
| 2023-12-15 | CVE-2023-46279 | Deserialization of Untrusted Data vulnerability in Apache Dubbo 3.1.5 Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue. | 9.8 |
| 2023-03-08 | CVE-2023-23638 | Deserialization of Untrusted Data vulnerability in Apache Dubbo A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution. | 9.8 |
| 2023-01-03 | CVE-2021-32824 | Deserialization of Untrusted Data vulnerability in Apache Dubbo Apache Dubbo is a java based, open source RPC framework. | 9.8 |
| 2022-10-18 | CVE-2022-39198 | Deserialization of Untrusted Data vulnerability in Apache Dubbo A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. | 9.8 |
| 2022-06-09 | CVE-2022-24969 | Server-Side Request Forgery (SSRF) vulnerability in Apache Dubbo bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability. | 6.1 |
| 2022-01-10 | CVE-2021-43297 | Deserialization of Untrusted Data vulnerability in Apache Dubbo A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. | 9.8 |
| 2021-09-09 | CVE-2021-36161 | Use of Externally-Controlled Format String vulnerability in Apache Dubbo Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. | 9.8 |
| 2021-09-09 | CVE-2021-37579 | Deserialization of Untrusted Data vulnerability in Apache Dubbo The Dubbo Provider will check the incoming request and the corresponding serialization type of this request meet the configuration set by the server. | 9.8 |
| 2021-09-07 | CVE-2021-36162 | Unspecified vulnerability in Apache Dubbo Apache Dubbo supports various rules to support configuration override or traffic routing (called routing in Dubbo). | 8.8 |