Description
Deserialization of Untrusted Data vulnerability in Apache Dubbo. This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/12/15/3
https://lists.apache.org/thread/zw53nxrkrfswmk9n3sfwxmcj7x030nmo