CVE-2023-23638, GHSA-933g-v89r-x8pf
maven/org.apache.dubbo/dubbo
Deserialization of Untrusted Data
A deserialization vulnerability existed in Apache Dubbo's generic invoke, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions.
All versions before 2.7.21, all versions starting from 3.0.0 before 3.0.13, all versions starting from 3.1.0 before 3.1.5
Upgrade to versions 2.7.21, 3.0.13, 3.1.5 or above.
2023-03-09