Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache dubbo vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-39198
A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo...
Apache Dubbo 3.1.0
Apache Dubbo
7.5
CVSSv2
CVE-2020-1948
This vulnerability can affect all Dubbo users stay on version 2.7.6 or lower. An attacker can send RPC requests with unrecognized service name or method name along with some malicious parameter payloads. When the malicious parameter is deserialized, it will execute some malicious...
Apache Dubbo
2 Github repositories
5.8
CVSSv2
CVE-2022-24969
bypass CVE-2021-25640 > In Apache Dubbo before 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.
Apache Dubbo
7.5
CVSSv2
CVE-2021-25641
Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. But for Dubbo versions prior to 2.7.8 or 2.6.9, an attacker can choose which serialization id the Provider will use by tampering with the byte preamble flags, a...
Apache Dubbo
3 Github repositories
NA
CVE-2021-32824
Apache Dubbo is a java based, open source RPC framework. Versions before 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some ...
Apache Dubbo
7.5
CVSSv2
CVE-2021-36161
Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Ap...
Apache Dubbo
7.5
CVSSv2
CVE-2021-36163
In Apache Dubbo, users may choose to use the Hessian protocol. The Hessian protocol is implemented on top of HTTP and passes the body of a POST request directly to a HessianSkeleton: New HessianSkeleton are created without any configuration of the serialization factory and theref...
Apache Dubbo
NA
CVE-2023-23638
A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and pri...
Apache Dubbo
6 Github repositories
6.5
CVSSv2
CVE-2021-36162
Apache Dubbo supports various rules to support configuration override or traffic routing (called routing in Dubbo). These rules are loaded into the configuration center (eg: Zookeeper, Nacos, ...) and retrieved by the customers when making a request in order to find the right end...
Apache Dubbo
1 Github repository
5.8
CVSSv2
CVE-2021-25640
In Apache Dubbo before 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability.
Apache Dubbo
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000
CVE-2024-4439
unauthorized
CVE-2024-0042
CVE-2024-31848
CVE-2023-40694
cache poisoning
CVE-2024-23707
firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »