Skip to content

Bypass serialize checks in Apache Dubbo

High severity GitHub Reviewed Published Dec 15, 2023 to the GitHub Advisory Database • Updated Dec 15, 2023

Package

maven org.apache.dubbo:dubbo (Maven)

Affected versions

>= 3.1.0, < 3.1.11
>= 3.2.0, < 3.2.5

Patched versions

3.1.11
3.2.5

Description

A deserialization vulnerability existed when decode a malicious package.This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4.

Users are recommended to upgrade to the latest version, which fixes the issue.

References

Published by the National Vulnerability Database Dec 15, 2023
Published to the GitHub Advisory Database Dec 15, 2023
Reviewed Dec 15, 2023
Last updated Dec 15, 2023

Severity

High

EPSS score

6.864%
(94th percentile)

Weaknesses

CVE ID

CVE-2023-29234

GHSA ID

GHSA-6x49-w35h-wqrj

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.