cbcvebase.
CVE-2022-39198
published 2022-10-18

CVE-2022-39198: A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects…

PriorityP260critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.35%
81.6th percentile
A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version 3.1.0 and prior versions.

Affected

6 ranges
VendorProductVersion rangeFixed in
apachedubbo
apachedubbo2.7.0 – 2.7.17
apachedubbo3.0.0 – 3.0.11
apache_software_foundationapache_dubboApache Dubbo 2.7.x – 2.7.17
apache_software_foundationapache_dubboApache Dubbo 3.0.x – 3.0.11
apache_software_foundationapache_dubboApache Dubbo 3.1.x – 3.1.0
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.