VYPR
Critical severityNVD Advisory· Published Mar 8, 2023· Updated Oct 23, 2024

Apache Dubbo Deserialization Vulnerability Gadgets Bypass

CVE-2023-23638

Description

A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution.

This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.dubbo:dubboMaven
< 2.7.222.7.22
org.apache.dubbo:dubboMaven
>= 3.0.0, < 3.0.133.0.13
org.apache.dubbo:dubboMaven
>= 3.1.0, < 3.1.53.1.5

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.