Maven package
org.apache.dubbo/dubbo-parent
pkg:maven/org.apache.dubbo/dubbo-parent
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-32824 | — | < 2.6.10 | 2.6.10 | Jan 3, 2023 | Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers som | ||
| CVE-2020-11995 | — | >= 2.7.0, < 2.7.8 | 2.7.8 | Jan 11, 2021 | A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protool, during Hessian2 deserializing the HashMap object, some functions in t |
- CVE-2021-32824Jan 3, 2023affected < 2.6.10fixed 2.6.10
Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers som
- CVE-2020-11995Jan 11, 2021affected >= 2.7.0, < 2.7.8fixed 2.7.8
A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protool, during Hessian2 deserializing the HashMap object, some functions in t