pkg:maven/org.apache.dubbo/dubbo
Type
maven
Namespace
org.apache.dubbo
Name
dubbo
Known advisories, vulnerabilities and fixes for org.apache.dubbo/dubbo package.
Critical
12
High
2
Moderate
2
| Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | >= 2.5.0, < 2.7.10 >= 2.5.0, < 2.6.9 |
CVE-2021-30179
|
 MAVEN:GHSA-5MC7-M686-P6JG
|
Deserialization of Untrusted Data in Apache Dubbo | critical |
2022-03-18T17:57:32
(2 years ago) |
|
| Fixed | = 2.7.10 = 2.6.9 |
CVE-2021-30179
|
MAVEN:GHSA-5MC7-M686-P6JG
|
Deserialization of Untrusted Data in Apache Dubbo | critical |
2022-03-18T17:57:32
(2 years ago) |
|
| Affected | = 3.1.0 >= 3.0.0, <= 3.0.11 >= 2.7.0, <= 2.7.17 |
CVE-2022-39198
|
MAVEN:GHSA-5QWQ-G2HX-R6F7
|
Hessian Lite for Apache Dubbo deserialization vulnerability | critical |
2022-10-19T12:00:22
(23 months ago) |
|
| Fixed | = 3.1.1 = 3.0.12 = 2.7.18 |
CVE-2022-39198
|
MAVEN:GHSA-5QWQ-G2HX-R6F7
|
Hessian Lite for Apache Dubbo deserialization vulnerability | critical |
2022-10-19T12:00:22
(23 months ago) |
|
| Affected | >= 3.2.0, < 3.2.5 >= 3.1.0, < 3.1.11 |
CVE-2023-29234
|
MAVEN:GHSA-6X49-W35H-WQRJ
|
Bypass serialize checks in Apache Dubbo | high |
2023-12-15T09:30:17
(9 months ago) |
|
| Fixed | = 3.2.5 = 3.1.11 |
CVE-2023-29234
|
MAVEN:GHSA-6X49-W35H-WQRJ
|
Bypass serialize checks in Apache Dubbo | high |
2023-12-15T09:30:17
(9 months ago) |
|
| Affected | >= 2.7.0, < 2.7.10 |
CVE-2021-30180
|
MAVEN:GHSA-7WFC-X4F7-GG2X
|
Code injection in Apache Dubbo | critical |
2022-03-18T17:58:01
(2 years ago) |
|
| Fixed | = 2.7.10 |
CVE-2021-30180
|
MAVEN:GHSA-7WFC-X4F7-GG2X
|
Code injection in Apache Dubbo | critical |
2022-03-18T17:58:01
(2 years ago) |
|
| Affected | < 2.7.21 >= 3.1.0, < 3.1.5 >= 3.0.0, < 3.0.13 |
CVE-2023-23638
|
MAVEN:GHSA-933G-V89R-X8PF
|
Apache Dubbo vulnerable to Deserialization of Untrusted Data | critical |
2023-03-08T12:30:16
(18 months ago) |
|
| Fixed | = 2.7.22 = 3.1.5 = 3.0.13 |
CVE-2023-23638
|
MAVEN:GHSA-933G-V89R-X8PF
|
Apache Dubbo vulnerable to Deserialization of Untrusted Data | critical |
2023-03-08T12:30:16
(18 months ago) |
|
| Affected | = 3.1.5 |
CVE-2023-46279
|
MAVEN:GHSA-97RV-88GF-PHVR
|
Apache Dubbo: Bypass deny serialize list check in Apache Dubbo | critical |
2023-12-15T09:30:17
(9 months ago) |
|
| Fixed | = 3.1.6 |
CVE-2023-46279
|
MAVEN:GHSA-97RV-88GF-PHVR
|
Apache Dubbo: Bypass deny serialize list check in Apache Dubbo | critical |
2023-12-15T09:30:17
(9 months ago) |
|
| Affected | <= 2.6.10 >= 2.7.0, < 2.7.13 |
CVE-2021-36163
|
MAVEN:GHSA-CPX9-4RWV-486V
|
Hessian protocol configuration vulnerability in Apache Dubbo | critical |
2021-09-08T20:14:14
(3 years ago) |
|
| Fixed | = 2.6.10.1 = 2.7.13 |
CVE-2021-36163
|
MAVEN:GHSA-CPX9-4RWV-486V
|
Hessian protocol configuration vulnerability in Apache Dubbo | critical |
2021-09-08T20:14:14
(3 years ago) |
|
| Affected | >= 2.5.0, < 2.7.15 >= 2.5.0, < 2.6.12 |
CVE-2022-24969
|
MAVEN:GHSA-GM48-83X4-84JG
|
Server-side request forgery in Apache Dubbo | moderate |
2022-06-10T00:00:56
(2 years ago) |
|
| Fixed | = 2.7.15 = 2.6.12 |
CVE-2022-24969
|
MAVEN:GHSA-GM48-83X4-84JG
|
Server-side request forgery in Apache Dubbo | moderate |
2022-06-10T00:00:56
(2 years ago) |
|
| Affected | >= 2.5.0, < 2.7.10 >= 2.5.0, < 2.6.9 |
CVE-2021-25640
|
MAVEN:GHSA-GW4J-4229-Q4PX
|
Server-Side Request Forgery in Apache Dubbo | moderate |
2022-03-18T17:56:45
(2 years ago) |
|
| Fixed | = 2.7.10 = 2.6.9 |
CVE-2021-25640
|
MAVEN:GHSA-GW4J-4229-Q4PX
|
Server-Side Request Forgery in Apache Dubbo | moderate |
2022-03-18T17:56:45
(2 years ago) |
|
| Affected | >= 3.0.0, < 3.0.2 < 2.7.13 |
CVE-2021-37579
|
MAVEN:GHSA-Q897-9JXF-JG9R
|
Security check skip in Apache Dubbo | critical |
2021-09-10T17:56:23
(3 years ago) |
|
| Fixed | = 3.0.2 = 2.7.13 |
CVE-2021-37579
|
MAVEN:GHSA-Q897-9JXF-JG9R
|
Security check skip in Apache Dubbo | critical |
2021-09-10T17:56:23
(3 years ago) |
|
| Affected | >= 2.5.0, < 2.7.10 >= 2.5.0, < 2.6.9 |
CVE-2021-30181
|
MAVEN:GHSA-QMFC-6WWW-FJQW
|
Code injection in Apache Dubbo | critical |
2022-03-18T17:57:04
(2 years ago) |
|
| Fixed | = 2.7.10 = 2.6.9 |
CVE-2021-30181
|
MAVEN:GHSA-QMFC-6WWW-FJQW
|
Code injection in Apache Dubbo | critical |
2022-03-18T17:57:04
(2 years ago) |
|
| Affected | < 2.7.13 |
CVE-2021-36161
|
MAVEN:GHSA-QVM7-23CJ-437V
|
Remote Code Execution in Apache Dubbo | critical |
2021-09-10T17:54:37
(3 years ago) |
|
| Fixed | = 2.7.13 |
CVE-2021-36161
|
MAVEN:GHSA-QVM7-23CJ-437V
|
Remote Code Execution in Apache Dubbo | critical |
2021-09-10T17:54:37
(3 years ago) |
|
| Affected | >= 3.0.0, < 3.0.2 < 2.7.13 |
CVE-2021-36162
|
MAVEN:GHSA-R577-4HQ7-73QH
|
Remote Code Execution in Apache Dubbo | high |
2021-09-08T20:14:24
(3 years ago) |
|
| Fixed | = 3.0.2 = 2.7.13 |
CVE-2021-36162
|
MAVEN:GHSA-R577-4HQ7-73QH
|
Remote Code Execution in Apache Dubbo | high |
2021-09-08T20:14:24
(3 years ago) |
|
| Affected | >= 2.5.0, < 2.7.8 >= 2.5.0, < 2.6.9 |
CVE-2021-25641
|
MAVEN:GHSA-V2RG-8CWR-75G8
|
Deserializer tampering in Apache Dubbo | critical |
2022-03-18T17:56:08
(2 years ago) |
|
| Fixed | = 2.7.8 = 2.6.9 |
CVE-2021-25641
|
MAVEN:GHSA-V2RG-8CWR-75G8
|
Deserializer tampering in Apache Dubbo | critical |
2022-03-18T17:56:08
(2 years ago) |
|
| Affected | >= 3.0.0, < 3.0.5 >= 2.7.0, < 2.7.15 >= 2.6.0, < 2.6.12 |
CVE-2021-43297
|
MAVEN:GHSA-VP5X-3V8R-QPRW
|
Deserialization of Untrusted Data in Dubbo | critical |
2022-01-12T22:51:04
(2 years ago) |
|
| Fixed | = 3.0.5 = 2.7.15 = 2.6.12 |
CVE-2021-43297
|
MAVEN:GHSA-VP5X-3V8R-QPRW
|
Deserialization of Untrusted Data in Dubbo | critical |
2022-01-12T22:51:04
(2 years ago) |
|
| Affected | < 2.7.7 |
CVE-2020-1948
|
MAVEN:GHSA-WHWW-V56C-CGV2
|
Deserialization of Untrusted Data in Apache Dubbo | critical |
2022-02-10T22:39:17
(2 years ago) |
|
| Fixed | = 2.7.7 |
CVE-2020-1948
|
MAVEN:GHSA-WHWW-V56C-CGV2
|
Deserialization of Untrusted Data in Apache Dubbo | critical |
2022-02-10T22:39:17
(2 years ago) |