CVE-2023-23638
Published 2023-03-08
Priority: P263 · Critical · 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 4.85% (90.9th percentile)
A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution.
This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions.
Affected (8 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | dubbo | 2.7.0 – 2.7.21 | — |
| apache | dubbo | 3.0.0 – 3.0.13 | — |
| apache | dubbo | 3.1.0 – 3.1.5 | — |
| apache_software_foundation | apache_dubbo | Apache Dubbo 2.7.x – 2.7.21 | — |
| apache_software_foundation | apache_dubbo | Apache Dubbo 3.0.x – 3.0.13 | — |
| apache_software_foundation | apache_dubbo | Apache Dubbo 3.1.x – 3.1.5 | — |
| squid | squid | >= 0 < 4.10-1ubuntu1.10 | 4.10-1ubuntu1.10 |
| squid | squid | >= 0 < 5.7-0ubuntu0.22.04.4 | 5.7-0ubuntu0.22.04.4 |
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 7.5 | HIGH | — |
OSV
osv · 2024-04-10 · CVSS 7.5 · CVE-2023-49288 squid vulnerabilities

Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-49288)

Joshua Rogers discovered that Squid incorrectly handled certain structural elements. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2023-5824)

Joshua Rogers discovered that Squid incorrectly handled Cache Manager error responses. A remote trusted client can possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2024-23638)

Joshua Rogers discovered that Squid incorrectly handled the HTTP Chunked decoder. A r
OSV
osv · 2023-03-08 · CVE-2023-23638 [CRITICAL] Apache Dubbo vulnerable to Deserialization of Untrusted Data

GHSA
ghsa · 2023-03-08 · CVE-2023-23638 [CRITICAL] CWE-502 Apache Dubbo vulnerable to Deserialization of Untrusted Data
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.