GHSA-97rv-88gf-phvr

Suggest an improvement
Source
https://github.com/advisories/GHSA-97rv-88gf-phvr
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-97rv-88gf-phvr/GHSA-97rv-88gf-phvr.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-97rv-88gf-phvr
Aliases
Published
2023-12-15T09:30:17Z
Modified
2023-12-19T21:42:31Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Apache Dubbo: Bypass deny serialize list check in Apache Dubbo
Details

Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5.

Users are recommended to upgrade to the latest version, which fixes the issue.

References

Affected packages

Maven / org.apache.dubbo:dubbo

Package

Name
org.apache.dubbo:dubbo
View open source insights on deps.dev
Purl
pkg:maven/org.apache.dubbo/dubbo

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.5
Fixed
3.1.6

Affected versions

3.*

3.1.5