'[oss-security] CVE-2022-39198: Apache Dubbo Hession Deserialization Vulnerability Gadgets Bypass'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2022-39198: Apache Dubbo Hession Deserialization Vulnerability Gadgets Bypass
From:       Albumen Kevin <albumenj () apache ! org>
Date:       2022-10-18 8:31:50
Message-ID: ce33d3c3-e71a-87f5-509f-799e83919acd () apache ! org
[Download RAW message or body]

Severity: moderate

Description:

A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, \
which could lead to malicious code execution. 

This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x \
version 3.0.11 and prior versions; Apache Dubbo 3.1.x version 3.1.0 and prior versions. 

Credit:

yemoli&cxc

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic