CVE-2021-36163
maven/org.apache.dubbo/dubbo
Deserialization of Untrusted Data
In Apache Dubbo, users may choose to use the Hessian protocol.
All versions starting from 2.7.0 up to 2.7.12, all versions starting from 3.0.0 up to 3.0.1
Upgrade to versions 2.7.13, 3.0.2 or above.
2021-09-16
source |