oss-sec mailing list archives
CVE-2023-23638: Apache Dubbo Deserialization Vulnerability Gadgets Bypass
From: Albumen Kevin <albumenj () apache org>
Date: Wed, 08 Mar 2023 08:46:26 +0000
Description: A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions. Credit: yemoli、R1ckyZ、Koishi、cxc (reporter) References: https://dubbo.apache.org/ https://www.cve.org/CVERecord?id=CVE-2023-23638
Current thread:
- CVE-2023-23638: Apache Dubbo Deserialization Vulnerability Gadgets Bypass Albumen Kevin (Mar 08)