[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2022-39198: Apache Dubbo Hession Deserialization Vulnerability Gadgets Bypass
From: Albumen Kevin <albumenj () apache ! org>
Date: 2022-10-18 8:31:50
Message-ID: ce33d3c3-e71a-87f5-509f-799e83919acd () apache ! org
[Download RAW message or body]
Severity: moderate
Description:
A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, \
which could lead to malicious code execution.
This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x \
version 3.0.11 and prior versions; Apache Dubbo 3.1.x version 3.1.0 and prior versions.
Credit:
yemoli&cxc
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic