CVE-2022-24969

CVSS v3.1 6.1 (Medium)

CVSS v2.0 5.8 (Medium)

EPSS 0.13 % (49^th)

Affected Products 1

Advisories 1

bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.

Weaknesses

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CWE-918: Server-Side Request Forgery (SSRF)

Related CVEs

CVE-2021-25640

CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2022-06-09 16:15:08
(2 years ago)
Updated Date: 2022-06-15 18:56:30
(2 years ago)

Affected Products

Apache

Dubbo

Configuration #1

		CPE23	From	Up To
	Apache Dubbo prior 2.6.12 version	cpe:2.3:a:apache:dubbo		< 2.6.12
	Apache Dubbo from 2.7.0 version and prior 2.7.15 version	cpe:2.3:a:apache:dubbo	>= 2.7.0	< 2.7.15