📦 Dubbo

by Apache

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2023-29234

CRITICAL CVSS 9.8 Dec 15, 2023

This CVE describes a deserialization vulnerability in Apache Dubbo that allows remote code execution when processing malicious packages. Attackers can exploit this to execute arbitrary code on affecte...

CVE-2021-43297

CRITICAL CVSS 9.8 Jan 10, 2022

A deserialization vulnerability in Apache Dubbo's Hessian-lite serialization protocol allows remote attackers to execute arbitrary code by sending specially crafted data. This affects Apache Dubbo ver...

CVE-2021-36161

CRITICAL CVSS 9.8 Sep 9, 2021

CVE-2021-36161 is a remote code execution vulnerability in Apache Dubbo where maliciously crafted beans with special toString methods can trigger code execution when their arguments are formatted for ...

CVE-2021-36163

CRITICAL CVSS 9.8 Sep 7, 2021

Apache Dubbo's Hessian protocol implementation has a critical deserialization vulnerability that allows unauthenticated remote code execution. Attackers can exploit this by sending malicious POST requ...

CVE-2021-25641

CRITICAL CVSS 9.8 Jun 1, 2021

CVE-2021-25641 is a critical deserialization vulnerability in Apache Dubbo that allows remote unauthenticated attackers to force servers to use insecure deserialization protocols. Attackers can exploi...

CVE-2021-30179

CRITICAL CVSS 9.8 Jun 1, 2021

CVE-2021-30179 is a critical remote code execution vulnerability in Apache Dubbo that allows attackers to execute arbitrary Java code by exploiting insecure Java deserialization in generic RPC calls. ...

CVE-2021-30181

CRITICAL CVSS 9.8 Jun 1, 2021

Apache Dubbo prior to versions 2.6.9 and 2.7.9 contains a remote code execution vulnerability in its Script routing feature. Attackers can exploit this by submitting malicious routing rules that get e...

CVE-2020-11995

CRITICAL CVSS 9.8 Jan 11, 2021

CVE-2020-11995 is a critical deserialization vulnerability in Apache Dubbo that allows remote attackers to execute arbitrary code by sending specially crafted serialized objects. This affects Dubbo 2....

CVE-2021-36162

HIGH CVSS 8.8 Sep 7, 2021

CVE-2021-36162 is a remote code execution vulnerability in Apache Dubbo that allows attackers with access to the configuration center to poison YAML routing rules. When vulnerable Dubbo consumers retr...