Description
In Apache Dubbo prior to 2.6.9 and 2.7.9, the way the parseURL method is used allows the white-host (allowed-host) check to be bypassed: the host the check validates is not the host that is actually contacted or redirected to. This can result in an open redirect or server-side request forgery (SSRF).
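The bug class behind this advisory is a parser differential: a hand-rolled host extractor validates one host while the HTTP client (or the browser following a redirect) parses the same string per RFC 3986 and contacts another. The following is an added illustration of that class, not Dubbo's code and not a reproduction of its parseURL logic; the allowlist, function names and sample URLs are all constructed for the example. The naive parser stops at the first ':' on the assumption that only a port can follow, but ':' is also legal inside the userinfo part of the authority (userinfo "@" host [":" port]), which is exactly what the bypass input exploits. The hardened check validates the parse the client will actually use.

```python
from typing import Optional
from urllib.parse import urlsplit

# Constructed allowlist for the example; not a Dubbo configuration.
ALLOWED_HOSTS = {"trusted.example.com"}


def naive_parse_host(url: str) -> str:
    """Hand-rolled host extraction of the kind that causes allowlist bypasses.

    Takes everything after "://" and stops at the first ':' or '/',
    assuming a ':' can only introduce a port. RFC 3986 allows ':' inside
    userinfo, so the returned host need not be the one a client connects to.
    """
    _, sep, rest = url.partition("://")
    if not sep:
        return ""
    host = rest
    for stop in (":", "/", "?", "#"):
        host = host.split(stop, 1)[0]
    return host.lower()


def vulnerable_is_allowed(url: str) -> bool:
    """Allowlist check built on the naive parser (the bug class illustrated here)."""
    return naive_parse_host(url) in ALLOWED_HOSTS


def effective_host(url: str) -> Optional[str]:
    """Host an RFC 3986 parser (urllib here; java.net.URI behaves the same) yields."""
    return urlsplit(url).hostname


def hardened_is_allowed(url: str) -> bool:
    """Allowlist check that validates the same parse the client will use.

    Rejects non-http(s) schemes, any userinfo (the "trusted@evil" trick),
    a backslash in the authority (browsers treat '\\' as '/'), a malformed
    port, and anything whose parsed hostname is not an exact allowlist member.
    Exact membership, never startswith/endswith, on the parsed host.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    if parts.username is not None or parts.password is not None:
        return False
    if "\\" in parts.netloc:
        return False
    try:
        _ = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    return parts.hostname in ALLOWED_HOSTS


def compare(url: str) -> dict:
    """Side-by-side result for one URL: what each parser sees and each check decides."""
    return {
        "naive_host": naive_parse_host(url),
        "effective_host": effective_host(url),
        "vulnerable_allows": vulnerable_is_allowed(url),
        "hardened_allows": hardened_is_allowed(url),
    }


if __name__ == "__main__":
    # Constructed sample inputs.
    for u in (
        "http://trusted.example.com/status",              # legitimate
        "http://trusted.example.com:80@evil.example/",    # userinfo disguised as host:port
        "http://trusted.example.com.evil.example/",       # suffix lookalike; exact match rejects it
    ):
        print(u, compare(u))
```

For the second input the naive parser reports trusted.example.com and the vulnerable check passes, while urlsplit (and java.net.URI.getHost() in a Java client) resolves the host to evil.example with "trusted.example.com:80" as userinfo; that is the shape of an allowlist bypass leading to SSRF or an open redirect. The general rule is to run the allowlist check on the output of the same URL parser the request or redirect will use, and to reject ambiguous forms (userinfo, backslashes, bad ports) rather than try to normalise them.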
Remediation
Upgrade to Apache Dubbo 2.6.9 or later on the 2.6.x line, or 2.7.9 or later on the 2.7.x line, the versions the description names as no longer affected.
References
https://lists.apache.org/thread.html/re4cab8855361a454d2af106fb3dad76259e723015fd7e09cb4f9eb77%40%3Cdev.dubbo.apache.org%3E