Maven package
org.apache.dubbo/dubbo-rpc-http-invoker
pkg:maven/org.apache.dubbo/dubbo-rpc-http-invoker
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-17564 | — | >= 2.5.0, < 2.7.5 | 2.7.5 | Apr 1, 2020 | Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2 |
- CVE-2019-17564Apr 1, 2020affected >= 2.5.0, < 2.7.5fixed 2.7.5
Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2