Description

Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue.

Remediation

References

https://lists.apache.org/thread/zw53nxrkrfswmk9n3sfwxmcj7x030nmo

http://www.openwall.com/lists/oss-security/2023/12/15/3

Related Vulnerabilities

CVE-2020-2118 Vulnerability in maven package org.jenkins-ci.plugins:pipeline-githubnotify-step

CVE-2021-37404 Vulnerability in maven package org.apache.hadoop:hadoop-common

CVE-2023-28681 Vulnerability in maven package org.jenkins-ci.plugins:vs-code-metrics

CVE-2019-1003091 Vulnerability in maven package com.soasta.jenkins:cloudtest

CVE-2022-34787 Vulnerability in maven package hudson.plugins:project-inheritance

Severity

Critical

Classification

CWE-502 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Vendor Advisory