oss-sec mailing list archives
CVE-2022-39198: Apache Dubbo Hession Deserialization Vulnerability Gadgets Bypass
From: Albumen Kevin <albumenj () apache org>
Date: Tue, 18 Oct 2022 08:31:50 +0000
Severity: moderate Description: A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version 3.1.0 and prior versions. Credit: yemoli&cxc
Current thread:
- CVE-2022-39198: Apache Dubbo Hession Deserialization Vulnerability Gadgets Bypass Albumen Kevin (Oct 18)