CVE-2023-46279: Deserialization of Untrusted Data

December 15, 2023 (updated December 19, 2023)

Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5.

Users are recommended to upgrade to the latest version, which fixes the issue.

References

www.openwall.com/lists/oss-security/2023/12/15/3
github.com/advisories/GHSA-97rv-88gf-phvr
lists.apache.org/thread/zw53nxrkrfswmk9n3sfwxmcj7x030nmo
nvd.nist.gov/vuln/detail/CVE-2023-46279

Detect and mitigate CVE-2023-46279 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →