Security
Headlines

Headlines Latest CVEs

Headline

GHSA-933g-v89r-x8pf: Apache Dubbo vulnerable to Deserialization of Untrusted Data

A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions.

1 year ago

#vulnerability #apache #git #java #maven

GitHub Advisory Database
GitHub Reviewed
CVE-2023-23638

Apache Dubbo vulnerable to Deserialization of Untrusted Data

Moderate severity GitHub Reviewed Published Mar 8, 2023 to the GitHub Advisory Database • Updated Mar 8, 2023

Package

maven org.apache.dubbo:dubbo (Maven)

Affected versions

< 2.7.21

>= 3.0.0, < 3.0.13

>= 3.1.0, < 3.1.5

Patched versions

2.7.21

3.0.13

3.1.5

Published by the National Vulnerability Database

Mar 8, 2023

Published to the GitHub Advisory Database

Mar 8, 2023

Related news

A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions.

1 year ago

#vulnerability #apache

ghsa: Latest News

GHSA-mj5r-x73q-fjw6: SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails

1 day ago

GHSA-jwcm-9g39-pmcw: Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts

1 day ago

GHSA-55v3-xh23-96gh: `auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace

1 day ago

GHSA-j6vm-4r7g-x4gr: Devolutions.XTS.NET Vulnerable to Timing Attack on GF Multiplications

1 day ago

GHSA-6q3q-6v5j-h6vg: Querydsl vulnerable to HQL injection trough orderBy

1 day ago