Vulnerabilities > Apache > Dubbo > 3.1.5

DATE CVE VULNERABILITY TITLE RISK
2023-12-15 CVE-2023-29234 Deserialization of Untrusted Data vulnerability in Apache Dubbo
A deserialization vulnerability existed when decode a malicious package.This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Users are recommended to upgrade to the latest version, which fixes the issue.
network
low complexity
apache CWE-502
critical
 9.8
9.8
2023-12-15 CVE-2023-46279 Deserialization of Untrusted Data vulnerability in Apache Dubbo 3.1.5
Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue.
network
low complexity
apache CWE-502
critical
 9.8
9.8
2023-03-08 CVE-2023-23638 Deserialization of Untrusted Data vulnerability in Apache Dubbo
A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution.
network
low complexity
apache CWE-502
critical
 9.8
9.8