CVE-2021-25640 Vulnerability in maven package org.apache.dubbo:dubbo

Description

In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability.

Remediation

References

https://lists.apache.org/thread.html/re4cab8855361a454d2af106fb3dad76259e723015fd7e09cb4f9eb77%40%3Cdev.dubbo.apache.org%3E

Related Vulnerabilities

CVE-2021-26920 Vulnerability in maven package org.apache.druid:druid-core

CVE-2023-25763 Vulnerability in maven package org.jenkins-ci.plugins:email-ext

CVE-2023-49068 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-api

CVE-2021-21686 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2020-2149 Vulnerability in maven package org.jenkins-ci.plugins:repository-connector

Severity

High

Classification

CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N