VYPR
Critical severityNVD Advisory· Published May 31, 2021· Updated Aug 3, 2024

Apache Dubbo RCE on customers via Condition route poisoning (Unsafe YAML unmarshaling)

CVE-2021-30180

Description

Apache Dubbo prior to 2.7.9 support Tag routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these YAML rules, Dubbo customers may enable calling arbitrary constructors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.dubbo:dubboMaven
>= 2.7.0, < 2.7.102.7.10

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.