Product
Apache Dubbo
19 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2023-46279
Affected versions: all versions
Deserialization of Untrusted Data vulnerability in Apache Dubbo. This issue only affects Apache Dubbo 3.1.5. Users are recommended

CVE-2023-29234
Affected versions: >= 3.1.0 and <= 3.1.10
A deserialization vulnerability existed when decoding a malicious package. This issue affects Apache Dubbo: from 3.1.0 through 3.1.1

CVE-2023-23638
Affected versions: >= 2.7.0 and <= 2.7.21
A deserialization vulnerability existed in Dubbo generic invoke, which could lead to malicious code execution. This issue affe

CVE-2021-32824
Affected versions: < 2.6.10
Apache Dubbo is a Java-based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote cod

CVE-2022-39198
Affected versions: >= 2.7.0 and <= 2.7.17
A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code

CVE-2022-24969
Affected versions: < 2.6.12
Bypass of CVE-2021-25640. In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the wh

CVE-2021-43297
Affected versions: >= 2.6.0 and < 2.6.12
A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code

CVE-2021-37579
Affected versions: >= 2.7.0 and < 2.7.13
The Dubbo Provider will check that the incoming request and the corresponding serialization type of this request meet the configuration

CVE-2021-36161
Affected versions: >= 2.7.0 and < 2.7.13
Some component in Dubbo will try to print the formatted string of the input arguments, which will possibly cause RCE for a maliciou

CVE-2021-36163
Affected versions: >= 2.7.0 and <= 2.7.12
In Apache Dubbo, users may choose to use the Hessian protocol. The Hessian protocol is implemented on top of HTTP and passes the b

CVE-2021-36162
Affected versions: >= 2.7.0 and <= 2.7.12
Apache Dubbo supports various rules to support configuration override or traffic routing (called routing in Dubbo). These rules ar

CVE-2021-30181
Affected versions: >= 2.5.0 and < 2.6.10
Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right serve

CVE-2021-30180
Affected versions: >= 2.7.0 and < 2.7.10
Apache Dubbo prior to 2.7.9 supports Tag routing which will enable a customer to route the request to the right server. These rules

CVE-2021-30179
Affected versions: >= 2.5.0 and <= 2.5.10
Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These

CVE-2021-25641
Affected versions: >= 2.5.0 and < 2.6.9
Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. But for Du

CVE-2021-25640
Affected versions: >= 2.5.0 and < 2.6.9
In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause

CVE-2020-11995
Affected versions: >= 2.5.0 and <= 2.5.10
A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. Mos

CVE-2020-1948
Affected versions: >= 2.5.0 and <= 2.5.10
This vulnerability can affect all Dubbo users who stay on version 2.7.6 or lower. An attacker can send RPC requests with unrecognized

CVE-2019-17564
Affected versions: >= 2.5.0 and <= 2.5.10
Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request wi