CVE-2023-46279

Severity
9.8 CRITICAL
EPSS
1.5%
top 18.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Dec 15

Description

Deserialization of Untrusted Data vulnerability in Apache Dubbo. This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

Maven | org.apache.dubbo:dubbo | 3.1.5 | 3.1.6
NVD | apache/dubbo | 3.1.5

Vulnerability Details (3)

OSV
Apache Dubbo: Bypass deny serialize list check in Apache Dubbo (2023-12-15)
GHSA
Apache Dubbo: Bypass deny serialize list check in Apache Dubbo (2023-12-15)
CVEList
Apache Dubbo: Bypass deny serialize list check in Apache Dubbo (2023-12-15)