Description
In Apache Dubbo versions prior to 2.6.9 and 2.7.9, use of the parseURL method leads to a bypass of the host whitelist check, which can cause an open redirect or SSRF vulnerability.
Remediation
References
https://lists.apache.org/thread.html/re4cab8855361a454d2af106fb3dad76259e723015fd7e09cb4f9eb77%40%3Cdev.dubbo.apache.org%3E