Vulnerabilities > Apache > Dubbo > 2.7.13

DATE CVE VULNERABILITY TITLE RISK
2023-03-08 CVE-2023-23638 Unspecified vulnerability in Apache Dubbo
A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution.
network
low complexity
apache
critical
 9.8
9.8
2022-10-18 CVE-2022-39198 Unspecified vulnerability in Apache Dubbo
A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution.
network
low complexity
apache
critical
 9.8
9.8
2022-06-09 CVE-2022-24969 Server-Side Request Forgery (SSRF) vulnerability in Apache Dubbo
bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.
network
low complexity
apache CWE-918
6.1
6.1
2022-01-10 CVE-2021-43297 Deserialization of Untrusted Data vulnerability in Apache Dubbo
A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution.
network
low complexity
apache CWE-502
critical
 9.8
9.8