oss-sec mailing list archives
CVE-2023-29234: Bypass serialize checks in Apache Dubbo
From: Albumen Kevin <albumenj () apache org>
Date: Fri, 15 Dec 2023 05:47:29 +0000
Severity: moderate

Affected versions:

- Apache Dubbo 3.1.0 through 3.1.10
- Apache Dubbo 3.2.0 through 3.2.4

Description:

A deserialization vulnerability existed when decoding a malicious package.

This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4.

Users are recommended to upgrade to the latest version, which fixes the issue.

Credit:

Bofei Chen, Lei Zhang, Guangliang Yang, Keke Lian and Xinyou Huang (finder)

References:

https://dubbo.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-29234