Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-gm48-83x4-84jg: Server-side request forgery in Apache Dubbo

bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.

ghsa
Open in Source
#vulnerability#apache#java#ssrf#alibaba#maven

Package

maven com.alibaba:dubbo (Maven)

Affected versions

>= 2.5.0, < 2.6.12

Package

maven org.apache.dubbo:dubbo (Maven)

Affected versions

>= 2.5.0, < 2.7.15

Related news

CVE-2022-24969

bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.

ghsa: Latest News

GHSA-fm76-w8jw-xf8m: @saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source
ghsa