pkg:maven/com.alibaba/dubbo
Type
maven
Namespace
com.alibaba
Name
dubbo
Known advisories, vulnerabilities and fixes for com.alibaba/dubbo package.
Critical
3
Moderate
2
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | >= 2.5.0, < 2.7.10 >= 2.5.0, < 2.6.9 |
CVE-2021-30179
|
MAVEN:GHSA-5MC7-M686-P6JG | Deserialization of Untrusted Data in Apache Dubbo | critical |
2022-03-18T17:57:32
(2 years ago) |
|
Fixed | = 2.7.10 = 2.6.9 |
CVE-2021-30179
|
MAVEN:GHSA-5MC7-M686-P6JG | Deserialization of Untrusted Data in Apache Dubbo | critical |
2022-03-18T17:57:32
(2 years ago) |
|
Affected | >= 2.5.0, < 2.7.15 >= 2.5.0, < 2.6.12 |
CVE-2022-24969
|
MAVEN:GHSA-GM48-83X4-84JG | Server-side request forgery in Apache Dubbo | moderate |
2022-06-10T00:00:56
(2 years ago) |
|
Fixed | = 2.7.15 = 2.6.12 |
CVE-2022-24969
|
MAVEN:GHSA-GM48-83X4-84JG | Server-side request forgery in Apache Dubbo | moderate |
2022-06-10T00:00:56
(2 years ago) |
|
Affected | >= 2.5.0, < 2.7.10 >= 2.5.0, < 2.6.9 |
CVE-2021-25640
|
MAVEN:GHSA-GW4J-4229-Q4PX | Server-Side Request Forgery in Apache Dubbo | moderate |
2022-03-18T17:56:45
(2 years ago) |
|
Fixed | = 2.7.10 = 2.6.9 |
CVE-2021-25640
|
MAVEN:GHSA-GW4J-4229-Q4PX | Server-Side Request Forgery in Apache Dubbo | moderate |
2022-03-18T17:56:45
(2 years ago) |
|
Affected | >= 2.5.0, < 2.7.10 >= 2.5.0, < 2.6.9 |
CVE-2021-30181
|
MAVEN:GHSA-QMFC-6WWW-FJQW | Code injection in Apache Dubbo | critical |
2022-03-18T17:57:04
(2 years ago) |
|
Fixed | = 2.7.10 = 2.6.9 |
CVE-2021-30181
|
MAVEN:GHSA-QMFC-6WWW-FJQW | Code injection in Apache Dubbo | critical |
2022-03-18T17:57:04
(2 years ago) |
|
Affected | >= 2.5.0, < 2.7.8 >= 2.5.0, < 2.6.9 |
CVE-2021-25641
|
MAVEN:GHSA-V2RG-8CWR-75G8 | Deserializer tampering in Apache Dubbo | critical |
2022-03-18T17:56:08
(2 years ago) |
|
Fixed | = 2.7.8 = 2.6.9 |
CVE-2021-25641
|
MAVEN:GHSA-V2RG-8CWR-75G8 | Deserializer tampering in Apache Dubbo | critical |
2022-03-18T17:56:08
(2 years ago) |