Description
In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability.
Remediation
References
https://lists.apache.org/thread.html/re4cab8855361a454d2af106fb3dad76259e723015fd7e09cb4f9eb77%40%3Cdev.dubbo.apache.org%3E
Related Vulnerabilities
CVE-2020-2120 Vulnerability in maven package org.jenkins-ci.plugins:fitnesse
CVE-2023-37945 Vulnerability in maven package io.jenkins.plugins:miniorange-saml-sp
CVE-2023-33201 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk18on
CVE-2021-21687 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2019-1003080 Vulnerability in maven package org.jenkins-ci.plugins:openshift-deployer