Vulnerabilities > Apache > Dubbo > 3.1.0

DATE CVE VULNERABILITY TITLE RISK
2023-12-15 CVE-2023-29234 Deserialization of Untrusted Data vulnerability in Apache Dubbo
A deserialization vulnerability existed when decode a malicious package.This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Users are recommended to upgrade to the latest version, which fixes the issue.
network
low complexity
apache CWE-502
critical
 9.8
9.8
2023-03-08 CVE-2023-23638 Deserialization of Untrusted Data vulnerability in Apache Dubbo
A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution.
network
low complexity
apache CWE-502
critical
 9.8
9.8
2022-10-18 CVE-2022-39198 Deserialization of Untrusted Data vulnerability in Apache Dubbo
A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution.
network
low complexity
apache CWE-502
critical
 9.8
9.8