CVE-2023-29234
published 2023-12-15
CVE-2023-29234: A deserialization vulnerability existed when decoding a malicious package. This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4…
Priority P265 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 7.40% (93.7th percentile)
A deserialization vulnerability existed when decoding a malicious package. This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4.
Users are recommended to upgrade to the latest version, which fixes the issue.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | dubbo | 3.1.0 – 3.1.10 | — |
| apache | dubbo | 3.2.0 – 3.2.4 | — |
| apache_software_foundation | apache_dubbo | 3.1.0 – 3.1.10 | — |
| apache_software_foundation | apache_dubbo | 3.2.0 – 3.2.4 | — |
GHSA
Bypass serialize checks in Apache Dubbo
ghsa·2023-12-15
CVE-2023-29234 [CRITICAL] CWE-502 Bypass serialize checks in Apache Dubbo
OSV
Bypass serialize checks in Apache Dubbo
osv·2023-12-15
CVE-2023-29234 [CRITICAL] Bypass serialize checks in Apache Dubbo
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-12-15