Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2021-36161 Vulnerability in maven package org.apache.dubbo:dubbo-common

Description

Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13

Remediation

References

https://lists.apache.org/thread.html/r40212261fd5d638074b65f22ac73eebe93ace310c79d4cfcca4863da%40%3Cdev.dubbo.apache.org%3E

Related Vulnerabilities

CVE-2020-1714 Vulnerability in maven package org.keycloak:keycloak-common

CVE-2020-13953 Vulnerability in maven package org.apache.tapestry:tapestry-core

CVE-2019-10277 Vulnerability in maven package hudson.plugins:starteam

CVE-2020-20739 Vulnerability in npm package libvips

CVE-2023-29471 Vulnerability in maven package com.typesafe.akka:akka-stream-kafka_2.13

Severity

Critical

Classification

CWE-134 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Vendor Advisory