Vulmon
apache dubbo vulnerabilities and exploits
NA
CVE-2022-39198
A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo...
Apache Dubbo 3.1.0
Apache Dubbo
516
VMScore
CVE-2021-25640
In Apache Dubbo before 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability.
Apache Dubbo
668
VMScore
CVE-2021-25641
Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. But for Dubbo versions prior to 2.7.8 or 2.6.9, an attacker can choose which serialization id the Provider will use by tampering with the byte preamble flags, a...
Apache Dubbo
3 Github repositories
516
VMScore
CVE-2022-24969
bypass CVE-2021-25640 > In Apache Dubbo before 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.
Apache Dubbo
668
VMScore
CVE-2021-30179
Apache Dubbo before 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the service and method specified in the first arguments of the invocation and use the Java...
Apache Dubbo
668
VMScore
CVE-2021-30181
Apache Dubbo before 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these rules, Dubbo customers use Script...
Apache Dubbo
1 Github repository
668
VMScore
CVE-2020-11995
A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protocol; during Hessian2 deserializing the HashMap object, some functions in t...
Apache Dubbo
608
VMScore
CVE-2019-17564
Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2...
Apache Dubbo
9 Github repositories
NA
CVE-2023-29234
A deserialization vulnerability existed when decoding a malicious package. This issue affects Apache Dubbo: from 3.1.0 up to and including 3.1.10, from 3.2.0 up to and including 3.2.4. Users are recommended to upgrade to the latest version, which fixes the issue.
Apache Dubbo
668
VMScore
CVE-2021-36161
Some component in Dubbo will try to print the formatted string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Ap...
Apache Dubbo