CVE-2023-46279

Apache Dubbo: Bypass deny serialize list check in Apache Dubbo

EPSS 1.7%CWE-502

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 1.7%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

15 Dec 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue.

Affected products

Apache Software Foundation · Apache Dubbo

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://lists.apache.org/thread/zw53nxrkrfswmk9n3sfwxmcj7x030nmo http://www.openwall.com/lists/oss-security/2023/12/15/3