CVE-2021-25640 Vulnerability in maven package org.apache.dubbo:dubbo

Description

In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability.

Remediation

References

https://lists.apache.org/thread.html/re4cab8855361a454d2af106fb3dad76259e723015fd7e09cb4f9eb77%40%3Cdev.dubbo.apache.org%3E

Related Vulnerabilities

CVE-2020-2133 Vulnerability in maven package com.applatix.jenkins:applatix

CVE-2020-2161 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2019-10283 Vulnerability in maven package com.mabl.integration.jenkins:mabl-integration

CVE-2022-43430 Vulnerability in maven package com.compuware.jenkins:compuware-topaz-for-total-test

CVE-2022-36944 Vulnerability in maven package org.scala-lang:scala-library

Severity

High

Classification

CWE-601 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N