CVE-2023-29234

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-29234

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-29234.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-29234

Aliases

GHSA-6x49-w35h-wqrj

Published

2023-12-15T09:15:07Z

Modified

2024-09-03T04:28:55.677299Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A deserialization vulnerability existed when decode a malicious package.This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4.

Users are recommended to upgrade to the latest version, which fixes the issue.

References

Affected packages

Git / github.com/apache/dubbo

Affected ranges

Type: GIT
Repo: https://github.com/apache/dubbo
Events: Introduced

5cbd95b5d915e9ccad286532873a2b2d09510982

Last affected

aa63f26ab9c5ee4dd5d7543f3d42dec4034974c8

Introduced

db4007e44527451ceda23aa109b4123949b4210e

Last affected

cbb69a3fdfe66db6c8972d77b5239ba8decb0c9f

Affected versions

dubbo-3.*

dubbo-3.0.11

dubbo-3.0.12

dubbo-3.1.0

dubbo-3.1.1

dubbo-3.1.10

dubbo-3.1.2

dubbo-3.1.3

dubbo-3.1.4

dubbo-3.1.5

dubbo-3.1.6

dubbo-3.1.7

dubbo-3.1.8

dubbo-3.1.9

dubbo-3.2.0

dubbo-3.2.1

dubbo-3.2.2

dubbo-3.2.4