CVE-2021-30181

CVSS v3.1 9.8 (Critical)

CVSS v2.0 7.5 (High)

EPSS 0.30 % (70^th)

Affected Products 1

Advisories 1

Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these rules, Dubbo customers use ScriptEngine and run the rule provided by the script which by default may enable executing arbitrary code.

Weaknesses

CWE-NVD-noinfo

CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2021-06-01 14:15:09
(3 years ago)
Updated Date: 2021-06-10 16:05:07
(3 years ago)

Affected Products

Apache

Dubbo

Configuration #1

		CPE23	From	Up To
	Apache Dubbo from 2.5.0 version and prior 2.6.10 version	cpe:2.3:a:apache:dubbo	>= 2.5.0	< 2.6.10
	Apache Dubbo from 2.7.0 version and prior 2.7.10 version	cpe:2.3:a:apache:dubbo	>= 2.7.0	< 2.7.10