VYPR

Maven package

org.apache.dubbo/dubbo-rpc-http-invoker

pkg:maven/org.apache.dubbo/dubbo-rpc-http-invoker

Vulnerabilities (1)

  • CVE-2019-17564Apr 1, 2020
    affected >= 2.5.0, < 2.7.5fixed 2.7.5

    Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2