Vulnerabilities > Apache > Dubbo > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-12-15 CVE-2023-46279 Unspecified vulnerability in Apache Dubbo 3.1.5
Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue.
network
low complexity
apache
critical
9.8
2023-12-15 CVE-2023-29234 Unspecified vulnerability in Apache Dubbo
A deserialization vulnerability existed when decode a malicious package.This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Users are recommended to upgrade to the latest version, which fixes the issue.
network
low complexity
apache
critical
9.8
2023-03-08 CVE-2023-23638 Unspecified vulnerability in Apache Dubbo
A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution.
network
low complexity
apache
critical
9.8
2023-01-03 CVE-2021-32824 Unspecified vulnerability in Apache Dubbo
Apache Dubbo is a java based, open source RPC framework.
network
low complexity
apache
critical
9.8
2022-10-18 CVE-2022-39198 Unspecified vulnerability in Apache Dubbo
A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution.
network
low complexity
apache
critical
9.8
2022-01-10 CVE-2021-43297 Deserialization of Untrusted Data vulnerability in Apache Dubbo
A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution.
network
low complexity
apache CWE-502
critical
9.8
2021-09-09 CVE-2021-37579 Deserialization of Untrusted Data vulnerability in Apache Dubbo
The Dubbo Provider will check the incoming request and the corresponding serialization type of this request meet the configuration set by the server.
network
low complexity
apache CWE-502
critical
9.8
2021-09-09 CVE-2021-36161 Use of Externally-Controlled Format String vulnerability in Apache Dubbo
Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method.
network
low complexity
apache CWE-134
critical
9.8
2021-09-07 CVE-2021-36163 Deserialization of Untrusted Data vulnerability in Apache Dubbo
In Apache Dubbo, users may choose to use the Hessian protocol.
network
low complexity
apache CWE-502
critical
9.8
2021-06-01 CVE-2021-30181 Unspecified vulnerability in Apache Dubbo
Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server.
network
low complexity
apache
critical
9.8