Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
668
VMScore

CVE-2021-30181

Published: 01/06/2021 Updated: 10/06/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Apache Dubbo before 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these rules, Dubbo customers use ScriptEngine and run the rule provided by the script which by default may enable executing arbitrary code.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache dubbo

Github Repositories

https://github.com/threedr3am/dubbo-exp

dubbo学习demo,之前删了,重新上传。

工具仅用于安全研究以及内部自查,禁止使用工具发起非法攻击,造成的后果使用者负责 Dubbo反序列化测试工具 零、编译&构建 mvn assembly:single 一、使用帮助 usage: java -jar expjar [OPTION] - -h --help 帮助信息 - -l --list 输出所有gadget信息

References

NVD-CWE-noinfohttps://lists.apache.org/thread.html/re22410dc704a09bc7032ddf15140cf5e7df3e8ece390fc9032ff5587%40%3Cdev.dubbo.apache.org%3Ehttps://nvd.nist.govhttps://github.com/threedr3am/dubbo-exp
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316SQL injectiontype confusionCVE-2024-20697CVE-2024-4344localCVE-2024-30043CVE-2024-3821CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook