CVE-2021-30180

CVSS v3.1 9.8 (Critical)

CVSS v2.0 6.8 (Medium)

EPSS 0.30 % (70^th)

Affected Products 1

Advisories 1

Apache Dubbo prior to 2.7.9 support Tag routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these YAML rules, Dubbo customers may enable calling arbitrary constructors.

Weaknesses

CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2021-06-01 14:15:09
(3 years ago)
Updated Date: 2021-06-10 16:08:48
(3 years ago)

Affected Products

Apache

Dubbo

Configuration #1

		CPE23	From	Up To
	Apache Dubbo from 2.7.0 version and prior 2.7.10 version	cpe:2.3:a:apache:dubbo	>= 2.7.0	< 2.7.10