Description
Deserialization of Untrusted Data vulnerability in Apache Dubbo. This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/12/15/3
https://lists.apache.org/thread/zw53nxrkrfswmk9n3sfwxmcj7x030nmo
Related Vulnerabilities
CVE-2023-40037 Vulnerability in maven package org.apache.nifi:nifi-hikari-dbcp-service
CVE-2017-7673 Vulnerability in maven package org.apache.openmeetings:openmeetings-web
CVE-2020-2181 Vulnerability in maven package org.jenkins-ci.plugins:credentials-binding
CVE-2021-45105 Vulnerability in maven package org.apache.logging.log4j:log4j-core