Critical severityNVD Advisory· Published May 31, 2021· Updated Aug 3, 2024
Apache Dubbo RCE on customers via Condition route poisoning (Unsafe YAML unmarshaling)
CVE-2021-30180
Description
Apache Dubbo prior to 2.7.9 support Tag routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these YAML rules, Dubbo customers may enable calling arbitrary constructors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.dubbo:dubboMaven | >= 2.7.0, < 2.7.10 | 2.7.10 |
Affected products
2- Apache Software Foundation/Apache Dubbov5Range: Apache Dubbo 2.7.x
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.