[MAVEN:GHSA-97RV-88GF-PHVR] Apache Dubbo: Bypass deny serialize list check in Apache Dubbo

Severity Critical
Affected Packages 1
Fixed Packages 1
CVEs 1

Deserialization of Untrusted Data vulnerability in Apache Dubbo. This issue only affects Apache Dubbo 3.1.5.

Users are recommended to upgrade to the latest version, which fixes the issue.

Package Affected Version
pkg:maven/org.apache.dubbo/dubbo = 3.1.5
Package Fixed Version
pkg:maven/org.apache.dubbo/dubbo = 3.1.6
ID
MAVEN:GHSA-97RV-88GF-PHVR
Severity
critical
URL
https://github.com/advisories/GHSA-97rv-88gf-phvr
Published
2023-12-15T09:30:17
Modified
2023-12-19T21:42:32
Rights
Maven Security Team
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.apache.dubbo/dubbo org.apache.dubbo dubbo = 3.1.5
Fixed pkg:maven/org.apache.dubbo/dubbo org.apache.dubbo dubbo = 3.1.6