Vulnerabilities > Apache > Dubbo > 2.6.10.1

DATE CVE VULNERABILITY TITLE RISK
2022-06-09 CVE-2022-24969 Server-Side Request Forgery (SSRF) vulnerability in Apache Dubbo
bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.
network
low complexity
apache CWE-918
6.1
6.1
2022-01-10 CVE-2021-43297 Deserialization of Untrusted Data vulnerability in Apache Dubbo
A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution.
network
low complexity
apache CWE-502
critical
 9.8
9.8