Description
In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability.
Remediation
References
https://lists.apache.org/thread.html/re4cab8855361a454d2af106fb3dad76259e723015fd7e09cb4f9eb77%40%3Cdev.dubbo.apache.org%3E
https://lists.apache.org/thread.html/re4cab8855361a454d2af106fb3dad76259e723015fd7e09cb4f9eb77%40%3Cdev.dubbo.apache.org%3E
Related Vulnerabilities
CVE-2020-2133 Vulnerability in maven package com.applatix.jenkins:applatix
CVE-2020-2161 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2019-10283 Vulnerability in maven package com.mabl.integration.jenkins:mabl-integration
CVE-2022-43430 Vulnerability in maven package com.compuware.jenkins:compuware-topaz-for-total-test
CVE-2022-36944 Vulnerability in maven package org.scala-lang:scala-library