VYPR
Critical severityNVD Advisory· Published Dec 15, 2023· Updated Feb 13, 2025

Bypass serialize checks in Apache Dubbo

CVE-2023-29234

Description

A deserialization vulnerability existed when decode a malicious package.This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4.

Users are recommended to upgrade to the latest version, which fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.dubbo:dubboMaven
>= 3.1.0, < 3.1.113.1.11
org.apache.dubbo:dubboMaven
>= 3.2.0, < 3.2.53.2.5

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.