Description

Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue.

Remediation

References

http://www.openwall.com/lists/oss-security/2023/12/15/3

https://lists.apache.org/thread/zw53nxrkrfswmk9n3sfwxmcj7x030nmo

Related Vulnerabilities

CVE-2023-44981 Vulnerability in maven package org.apache.zookeeper:zookeeper

CVE-2022-34179 Vulnerability in maven package org.jenkins-ci.plugins:embeddable-build-status

CVE-2023-40345 Vulnerability in maven package org.jenkins-ci.plugins:delphix

CVE-2020-36732 Vulnerability in maven package org.webjars.bower:crypto-js

CVE-2015-3250 Vulnerability in maven package org.apache.directory.api:api-ldap-model

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Vendor Advisory NVD-CWE-noinfo