oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2022-39198: Apache Dubbo Hession Deserialization Vulnerability Gadgets Bypass

From: Albumen Kevin <albumenj () apache org>
Date: Tue, 18 Oct 2022 08:31:50 +0000
Severity: moderate

Description:

A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to 
malicious code execution. 

This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior 
versions; Apache Dubbo 3.1.x version 3.1.0 and prior versions. 

Credit:

yemoli&cxc
Previous By Date Next
Previous By Thread Next

Current thread: