Headline
GHSA-gm48-83x4-84jg: Server-side request forgery in Apache Dubbo
bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.
Package
maven com.alibaba:dubbo (Maven)
Affected versions
>= 2.5.0, < 2.6.12
Package
maven org.apache.dubbo:dubbo (Maven)
Affected versions
>= 2.5.0, < 2.7.15
Related news
CVE-2022-24969
bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.