CVE-2021-25640 Vulnerability in maven package org.apache.dubbo:dubbo

Description

In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability.

Remediation

References

https://lists.apache.org/thread.html/re4cab8855361a454d2af106fb3dad76259e723015fd7e09cb4f9eb77%40%3Cdev.dubbo.apache.org%3E

Related Vulnerabilities

CVE-2023-49382 Vulnerability in maven package com.jfinal:jfinal

CVE-2023-37895 Vulnerability in maven package org.apache.jackrabbit:jackrabbit-standalone-components

CVE-2019-1003089 Vulnerability in maven package ren.helloworld:upload-pgyer

CVE-2021-28165 Vulnerability in maven package org.eclipse.jetty:jetty-io

CVE-2020-2262 Vulnerability in maven package org.jenkins-ci.plugins:android-lint

Severity

High

Classification

CWE-601 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N