GHSA-gm48-83x4-84jg: Server-side request forgery in Apache Dubbo

Bypass of CVE-2021-25640: in Apache Dubbo prior to 2.6.12 and 2.7.15, use of the parseURL method leads to a bypass of the white host check, which can cause an open redirect or SSRF vulnerability.

Package: com.alibaba:dubbo (Maven)
Affected versions: >= 2.5.0, < 2.6.12

Package: org.apache.dubbo:dubbo (Maven)
Affected versions: >= 2.5.0, < 2.7.15

Related news

CVE-2022-24969
