VYPR

Dubbo

by Apache

CVEs (6)

  • CVE-2023-29234 (Dec 15, 2023)
    risk 0.07 cvss epss 0.89

    A deserialization vulnerability existed when decoding a malicious package. This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Users are recommended to upgrade to the latest version, which fixes the issue.

  • CVE-2023-23638 (Mar 8, 2023)
    risk 0.04 cvss epss 0.50

    A deserialization vulnerability existed in Dubbo generic invoke, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and…

  • CVE-2022-39198 (Oct 18, 2022)
    risk 0.01 cvss epss 0.10

    A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache…

  • CVE-2023-46279 (Dec 15, 2023)
    risk 0.00 cvss epss 0.01

    Deserialization of Untrusted Data vulnerability in Apache Dubbo. This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue.

  • CVE-2021-32824 (Jan 3, 2023)
    risk 0.00 cvss epss 0.06

    Apache Dubbo is a Java-based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers…

  • CVE-2020-11995 (Jan 11, 2021)
    risk 0.00 cvss epss 0.02

    A deserialization vulnerability existed in Dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protocol. During Hessian2 deserialization of the HashMap object, some functions in…