CVE-2023-46279

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-46279

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46279.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-46279

Aliases

GHSA-97rv-88gf-phvr

Published

2023-12-15T09:15:07.490Z

Modified

2025-11-20T12:19:53.754497Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5.

Users are recommended to upgrade to the latest version, which fixes the issue.

References

Affected packages

Git / github.com/apache/dubbo

Affected ranges

Type: GIT
Repo: https://github.com/apache/dubbo
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

45e59887bb9a7362097bf8f9c6b64a390d9f2417

Affected versions

2.*

2.7.6

dubbo-2.*

dubbo-2.3.1

dubbo-2.3.2

dubbo-2.4.0

dubbo-2.4.1

dubbo-2.4.3

dubbo-2.5.1

dubbo-2.5.10

dubbo-2.5.4

dubbo-2.5.6

dubbo-2.5.7

dubbo-2.5.8

dubbo-2.5.9

dubbo-2.6.0

dubbo-2.6.1

dubbo-2.6.2

dubbo-2.7.0

dubbo-2.7.1

dubbo-2.7.4

dubbo-2.7.6

dubbo-2.7.7

dubbo-3.*

dubbo-3.0.0

dubbo-3.0.1

dubbo-3.0.10

dubbo-3.0.11

dubbo-3.0.12

dubbo-3.0.5

dubbo-3.0.9

dubbo-3.1.0

dubbo-3.1.1

dubbo-3.1.2

dubbo-3.1.3

dubbo-3.1.4

dubbo-3.1.5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46279.json"