
GHSA-933g-v89r-x8pf: Apache Dubbo vulnerable to Deserialization of Untrusted Data

A deserialization vulnerability existed in Apache Dubbo's generic invoke, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions.

CVE ID: CVE-2023-23638

Severity: Moderate • GitHub Reviewed • Published Mar 8, 2023 to the GitHub Advisory Database • Updated Mar 8, 2023

Package: org.apache.dubbo:dubbo (Maven)

Affected versions (patched version)

< 2.7.21 (patched in 2.7.21)

>= 3.0.0, < 3.0.13 (patched in 3.0.13)

>= 3.1.0, < 3.1.5 (patched in 3.1.5)

Published by the National Vulnerability Database: Mar 8, 2023

Published to the GitHub Advisory Database: Mar 8, 2023
