Vulnerabilities > Apache > Dubbo > 2.7.9

DATE CVE VULNERABILITY TITLE RISK
2023-03-08 CVE-2023-23638 Deserialization of Untrusted Data vulnerability in Apache Dubbo
A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution.
network
low complexity
apache CWE-502
critical
9.8
2023-01-03 CVE-2021-32824 Deserialization of Untrusted Data vulnerability in Apache Dubbo
Apache Dubbo is a java based, open source RPC framework.
network
low complexity
apache CWE-502
critical
9.8
2022-10-18 CVE-2022-39198 Deserialization of Untrusted Data vulnerability in Apache Dubbo
A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution.
network
low complexity
apache CWE-502
critical
9.8
2022-06-09 CVE-2022-24969 Server-Side Request Forgery (SSRF) vulnerability in Apache Dubbo
bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.
network
apache CWE-918
5.8
2022-01-10 CVE-2021-43297 Deserialization of Untrusted Data vulnerability in Apache Dubbo
A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution.
network
low complexity
apache CWE-502
7.5
2021-09-09 CVE-2021-36161 Use of Externally-Controlled Format String vulnerability in Apache Dubbo
Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method.
network
low complexity
apache CWE-134
7.5
2021-09-09 CVE-2021-37579 Deserialization of Untrusted Data vulnerability in Apache Dubbo
The Dubbo Provider will check the incoming request and the corresponding serialization type of this request meet the configuration set by the server.
network
low complexity
apache CWE-502
7.5
2021-09-07 CVE-2021-36162 Unspecified vulnerability in Apache Dubbo
Apache Dubbo supports various rules to support configuration override or traffic routing (called routing in Dubbo).
network
low complexity
apache
6.5
2021-09-07 CVE-2021-36163 Deserialization of Untrusted Data vulnerability in Apache Dubbo
In Apache Dubbo, users may choose to use the Hessian protocol.
network
low complexity
apache CWE-502
7.5
2021-06-01 CVE-2021-30179 Deserialization of Untrusted Data vulnerability in Apache Dubbo
Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces.
network
low complexity
apache CWE-502
critical
9.8