Description
Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/12/15/3
https://lists.apache.org/thread/zw53nxrkrfswmk9n3sfwxmcj7x030nmo
Related Vulnerabilities
CVE-2020-2304 Vulnerability in maven package org.jenkins-ci.plugins:subversion
CVE-2019-10343 Vulnerability in maven package io.jenkins:configuration-as-code
CVE-2022-39975 Vulnerability in maven package com.liferay.portal:release.portal.bom
CVE-2023-37466 Vulnerability in npm package vm2
CVE-2023-20866 Vulnerability in maven package org.springframework.session:spring-session-core