Known Vulnerabilities for Dubbo by Apache
Listed below are 10 of the newest known vulnerabilities associated with "Dubbo" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-24969 | bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of t... | 6.1 - MEDIUM | 2022-06-09 | 2022-06-15 |
| CVE-2021-36163 | In Apache Dubbo, users may choose to use the Hessian protocol. The Hessian protocol is implemented on top of HTTP and passes ... | 9.8 - CRITICAL | 2021-09-07 | 2021-09-14 |
| CVE-2021-36162 | Apache Dubbo supports various rules to support configuration override or traffic routing (called routing in Dubbo). These rul... | 8.8 - HIGH | 2021-09-07 | 2021-09-14 |
| CVE-2021-36161 | Some component in Dubbo will try to print the formatted string of the input arguments, which will possibly cause RCE for a mal... | 9.8 - CRITICAL | 2021-09-09 | 2021-09-17 |
| CVE-2021-32824 | Apache Dubbo is a Java-based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remot... | 9.8 - CRITICAL | 2023-01-03 | 2023-01-10 |
| CVE-2021-30181 | Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right ... | 9.8 - CRITICAL | 2021-06-01 | 2021-06-10 |
| CVE-2021-30180 | Apache Dubbo prior to 2.7.9 supports Tag routing which will enable a customer to route the request to the right server. These ... | 9.8 - CRITICAL | 2021-06-01 | 2021-06-10 |
| CVE-2021-30179 | Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. ... | 9.8 - CRITICAL | 2021-06-01 | 2023-11-07 |
| CVE-2021-25641 | Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. But f... | 9.8 - CRITICAL | 2021-06-01 | 2021-06-10 |
| CVE-2021-25640 | In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can ... | 6.1 - MEDIUM | 2021-06-01 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Dubbo | 2.7.8 | All | All | All |
| Application | Apache | Dubbo | 2.7.7 | All | All | All |
| Application | Apache | Dubbo | 2.7.6 | All | All | All |
| Application | Apache | Dubbo | 2.7.5 | All | All | All |
| Application | Apache | Dubbo | 2.7.4.1 | All | All | All |
| Application | Apache | Dubbo | 2.7.4 | All | All | All |
| Application | Apache | Dubbo | 2.7.3 | All | All | All |
| Application | Apache | Dubbo | 2.7.2 | All | All | All |
| Application | Apache | Dubbo | 2.7.1 | All | All | All |
| Application | Apache | Dubbo | 2.7.0 | All | All | All |
| Application | Apache | Dubbo | 2.6.9 | All | All | All |
| Application | Apache | Dubbo | 2.6.8 | All | All | All |
| Application | Apache | Dubbo | 2.6.7 | All | All | All |
| Application | Apache | Dubbo | 2.6.6 | All | All | All |
| Application | Apache | Dubbo | 2.6.5 | All | All | All |
| Application | Apache | Dubbo | 2.6.4 | All | All | All |
| Application | Apache | Dubbo | 2.6.3 | All | All | All |
| Application | Apache | Dubbo | 2.6.2 | All | All | All |
| Application | Apache | Dubbo | 2.6.1 | All | All | All |
| Application | Apache | Dubbo | 2.6.0 | All | All | All |