CVE-2023-46279

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-46279

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46279.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-46279

Aliases

GHSA-97rv-88gf-phvr

Published

2023-12-15T09:15:07.490Z

Modified

2026-03-14T12:15:24.397527Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5.

Users are recommended to upgrade to the latest version, which fixes the issue.

References

Affected packages

Git / github.com/apache/dubbo

Affected ranges

Type

GIT

Repo

https://github.com/apache/dubbo

Events

Introduced

Last affected

45e59887bb9a7362097bf8f9c6b64a390d9f2417

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.1.5"
        }
    ]
}

Affected versions

2.*

2.7.6

dubbo-2.*

dubbo-2.3.1

dubbo-2.3.2

dubbo-2.4.0

dubbo-2.4.1

dubbo-2.4.3

dubbo-2.5.1

dubbo-2.5.10

dubbo-2.5.4

dubbo-2.5.6

dubbo-2.5.7

dubbo-2.5.8

dubbo-2.5.9

dubbo-2.6.0

dubbo-2.6.1

dubbo-2.6.2

dubbo-2.7.0

dubbo-2.7.1

dubbo-2.7.4

dubbo-2.7.6

dubbo-2.7.7

dubbo-3.*

dubbo-3.0.0

dubbo-3.0.1

dubbo-3.0.10

dubbo-3.0.11

dubbo-3.0.12

dubbo-3.0.5

dubbo-3.0.9

dubbo-3.1.0

dubbo-3.1.1

dubbo-3.1.2

dubbo-3.1.3

dubbo-3.1.4

dubbo-3.1.5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46279.json"