CVE-2021-25640

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-25640

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25640.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-25640

Aliases

GHSA-gw4j-4229-q4px

Published

2021-06-01T14:15:09Z

Modified

2024-09-02T22:12:06Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability.

References

https://lists.apache.org/thread.html/re4cab8855361a454d2af106fb3dad76259e723015fd7e09cb4f9eb77%40%3Cdev.dubbo.apache.org%3E

Affected packages

Git / github.com/apache/dubbo

Affected ranges

Type: GIT
Repo: https://github.com/apache/dubbo
Events: Introduced

31ca18c712de2016795ba59f499f7c254f9281d5

Fixed

d895bf15d0dda6a69c552c6b06d5e452692bef53