CVE-2019-17564: Deserialization of Untrusted Data

April 1, 2020 (updated April 3, 2020)

Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo.

References

nvd.nist.gov/vuln/detail/CVE-2019-17564

Detect and mitigate CVE-2019-17564 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →