com.alibaba:dubbo
Maven package; 5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting com.alibaba:dubbo
- CVE-2021-25640 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 2.6.9 | 2021-06-01
  Vulnerable: 2.5.0 ... 2.6.8 (20 versions)
  In Apache Dubbo prior to 2.6.9 and 2.7.9, use of the parseURL method leads to a bypass of the allowed-host check, which can cause an open redirect or SSRF vulnerability.
- CVE-2021-25641 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 2.6.9 | 2021-06-01
  Vulnerable: 2.5.0 ... 2.6.8 (20 versions)
  Each Apache Dubbo server sets a serialization id to tell clients which serialization protocol it is using. But for Dubbo versions before 2.7.8 or 2.6.9, an attacker can choose which serialization id the Provider will use by ta…
- CVE-2021-30179 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 2.6.9 | 2021-06-01
  Vulnerable: 2.5.0 ... 2.6.8 (20 versions)
  Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter, which finds the service and method specified in the first a…
- CVE-2021-30181 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 2.6.9 | 2021-06-01
  Vulnerable: 2.5.0 ... 2.6.8 (20 versions)
  Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing, which enables a customer to route a request to the right server. These rules are used by customers when making a request in order to find the right endpoint. When pars…
- CVE-2022-24969 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 2.6.12 | 2022-06-09
  Vulnerable: 2.5.0 ... 2.6.9 (24 versions)
  Bypass of CVE-2021-25640: In Apache Dubbo prior to 2.6.12 and 2.7.15, use of the parseURL method leads to a bypass of the allowed-host check, which can cause an open redirect or SSRF vulnerability.