CVE-2023-46279 org.apache.dubbo:dubbo

Package

Manager: maven
Name: org.apache.dubbo:dubbo
Vulnerable Version: =3.1.5 || >=3.1.5 <3.1.6

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.01117 (percentile: 0.77384)

Details

Apache Dubbo: Bypass deny serialize list check in Apache Dubbo

Deserialization of Untrusted Data vulnerability in Apache Dubbo. This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue.

Metadata

Created: 2023-12-15T09:30:17Z
Modified: 2025-02-13T19:28:14Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-97rv-88gf-phvr/GHSA-97rv-88gf-phvr.json
CWE IDs: ["CWE-502"]
Alternative ID: GHSA-97rv-88gf-phvr
Finding: F096
Auto approve: 1