Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2023-46279: Apache Dubbo: Bypass deny serialize list check in Apache Dubbo

Related Vulnerabilities: CVE-2023-46279  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->

oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->

By Date

By Thread

</form>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
CVE-2023-46279: Apache Dubbo: Bypass deny serialize list check in Apache Dubbo

<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->

From: Albumen Kevin &lt;albumenj () apache org&gt;

Date: Fri, 15 Dec 2023 05:49:54 +0000

<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->

<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
Severity: important

Affected versions:

- Apache Dubbo 3.1.5

Description:

Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5.

Users are recommended to upgrade to the latest version, which fixes the issue.

References:

https://dubbo.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-46279

<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->

<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->

By Date

By Thread

Current thread:

CVE-2023-46279: Apache Dubbo: Bypass deny serialize list check in Apache Dubbo Albumen Kevin (Dec 15)

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started