Description
Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue.
Remediation
References
https://lists.apache.org/thread/zw53nxrkrfswmk9n3sfwxmcj7x030nmo
http://www.openwall.com/lists/oss-security/2023/12/15/3
Related Vulnerabilities
CVE-2020-2263 Vulnerability in maven package org.jenkins-ci.plugins:radiatorviewplugin
CVE-2020-13920 Vulnerability in maven package org.apache.activemq:activemq-broker
CVE-2022-24999 Vulnerability in maven package org.webjars.bower:qs
CVE-2016-0706 Vulnerability in maven package org.apache.tomcat:tomcat-catalina