1. Home
  2. Packages
  3. maven
  4. com.alibaba
  5. dubbo

pkg:maven/com.alibaba/dubbo

Type maven
Namespace com.alibaba
Name dubbo

Known advisories, vulnerabilities and fixes for com.alibaba/dubbo package.

Repository
https://mvnrepository.com/artifact/com.alibaba/dubbo
Critical 3
Moderate 2
Type Version Distribution # CVEs # Advisory ID Title Severity Published
Affected >= 2.5.0, < 2.7.10 >= 2.5.0, < 2.6.9 CVE-2021-30179
maven MAVEN:GHSA-5MC7-M686-P6JG Deserialization of Untrusted Data in Apache Dubbo critical 2022-03-18T17:57:32
(2 years ago)
Fixed = 2.7.10 = 2.6.9 CVE-2021-30179
maven MAVEN:GHSA-5MC7-M686-P6JG Deserialization of Untrusted Data in Apache Dubbo critical 2022-03-18T17:57:32
(2 years ago)
Affected >= 2.5.0, < 2.7.15 >= 2.5.0, < 2.6.12 CVE-2022-24969
maven MAVEN:GHSA-GM48-83X4-84JG Server-side request forgery in Apache Dubbo moderate 2022-06-10T00:00:56
(2 years ago)
Fixed = 2.7.15 = 2.6.12 CVE-2022-24969
maven MAVEN:GHSA-GM48-83X4-84JG Server-side request forgery in Apache Dubbo moderate 2022-06-10T00:00:56
(2 years ago)
Affected >= 2.5.0, < 2.7.10 >= 2.5.0, < 2.6.9 CVE-2021-25640
maven MAVEN:GHSA-GW4J-4229-Q4PX Server-Side Request Forgery in Apache Dubbo moderate 2022-03-18T17:56:45
(2 years ago)
Fixed = 2.7.10 = 2.6.9 CVE-2021-25640
maven MAVEN:GHSA-GW4J-4229-Q4PX Server-Side Request Forgery in Apache Dubbo moderate 2022-03-18T17:56:45
(2 years ago)
Affected >= 2.5.0, < 2.7.10 >= 2.5.0, < 2.6.9 CVE-2021-30181
maven MAVEN:GHSA-QMFC-6WWW-FJQW Code injection in Apache Dubbo critical 2022-03-18T17:57:04
(2 years ago)
Fixed = 2.7.10 = 2.6.9 CVE-2021-30181
maven MAVEN:GHSA-QMFC-6WWW-FJQW Code injection in Apache Dubbo critical 2022-03-18T17:57:04
(2 years ago)
Affected >= 2.5.0, < 2.7.8 >= 2.5.0, < 2.6.9 CVE-2021-25641
maven MAVEN:GHSA-V2RG-8CWR-75G8 Deserializer tampering in Apache Dubbo critical 2022-03-18T17:56:08
(2 years ago)
Fixed = 2.7.8 = 2.6.9 CVE-2021-25641
maven MAVEN:GHSA-V2RG-8CWR-75G8 Deserializer tampering in Apache Dubbo critical 2022-03-18T17:56:08
(2 years ago)