Security
Headlines

Headlines Latest CVEs

Headline

GHSA-933g-v89r-x8pf: Apache Dubbo vulnerable to Deserialization of Untrusted Data

A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions.

1 year ago

#vulnerability #apache #git #java #maven

GitHub Advisory Database
GitHub Reviewed
CVE-2023-23638

Apache Dubbo vulnerable to Deserialization of Untrusted Data

Moderate severity GitHub Reviewed Published Mar 8, 2023 to the GitHub Advisory Database • Updated Mar 8, 2023

Package

maven org.apache.dubbo:dubbo (Maven)

Affected versions

< 2.7.21

>= 3.0.0, < 3.0.13

>= 3.1.0, < 3.1.5

Patched versions

2.7.21

3.0.13

3.1.5

Published by the National Vulnerability Database

Mar 8, 2023

Published to the GitHub Advisory Database

Mar 8, 2023

Related news

A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions.

1 year ago

#vulnerability #apache

ghsa: Latest News

GHSA-6jrf-rcjf-245r: changedetection.io path traversal using file URI scheme without supplying hostname

17 hours ago

GHSA-7mr7-4f54-vcx5: HTTP Client uses incorrect token after refresh

17 hours ago

GHSA-hfq9-hggm-c56q: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

17 hours ago

GHSA-2w5v-x29g-jw7j: Hashicorp Nomad Incorrect Authorization vulnerability

17 hours ago

GHSA-3m9x-2qfj-xvq4: PHPExcel XXE Vulnerability

21 hours ago