Vulnerabilities > Apache > Dubbo > 2.7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-01 | CVE-2021-25641 | Deserialization of Untrusted Data vulnerability in Apache Dubbo Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. | 7.5 |
| 2021-06-01 | CVE-2021-30179 | Deserialization of Untrusted Data vulnerability in Apache Dubbo Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. | 9.8 |
| 2021-06-01 | CVE-2021-30180 | HTTP Request Smuggling vulnerability in Apache Dubbo Apache Dubbo prior to 2.7.9 support Tag routing which will enable a customer to route the request to the right server. | 6.8 |
| 2021-06-01 | CVE-2021-30181 | Unspecified vulnerability in Apache Dubbo Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server. | 7.5 |
| 2021-01-11 | CVE-2020-11995 | Deserialization of Untrusted Data vulnerability in Apache Dubbo A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. | 7.5 |
| 2020-07-14 | CVE-2020-1948 | Deserialization of Untrusted Data vulnerability in Apache Dubbo This vulnerability can affect all Dubbo users stay on version 2.7.6 or lower. | 7.5 |
| 2020-04-01 | CVE-2019-17564 | Deserialization of Untrusted Data vulnerability in Apache Dubbo Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. | 6.8 |