CVE-2022-24969

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-24969

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24969.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-24969

Aliases

GHSA-gm48-83x4-84jg

Published

2022-06-09T16:15:08.340Z

Modified

2026-02-13T08:48:26.749359Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.

References

https://lists.apache.org/thread/1xbckc3467wfk5r7n2o44r2brdsbwxgr

Affected packages

Git / github.com/apache/dubbo

Affected ranges

Type: GIT
Repo: https://github.com/apache/dubbo
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0aee8101665262c64122e5fa2c683ef834faff10

Introduced

614bcebc01336ee5047a98f96b28915680c0399c

Fixed

767620aeddfc84d2299e8ab6f754e56a5ce5a265

Affected versions

2.*

2.7.6

dubbo-2.*

dubbo-2.7.0

dubbo-2.7.1

dubbo-2.7.10

dubbo-2.7.11

dubbo-2.7.12

dubbo-2.7.13

dubbo-2.7.4

dubbo-2.7.6

dubbo-2.7.7

dubbo-2.7.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24969.json"