Vulnerabilities > Apache > Dubbo > 2.6.10.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-09 | CVE-2022-24969 | Server-Side Request Forgery (SSRF) vulnerability in Apache Dubbo bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability. | 5.8 |
| 2022-01-10 | CVE-2021-43297 | Deserialization of Untrusted Data vulnerability in Apache Dubbo A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. | 7.5 |