You are viewing a plain text version of this content. The canonical link for it is here.

Posted to announce@apache.org by Albumen Kevin <al...@apache.org> on 2022/10/18 08:31:50 UTC

CVE-2022-39198: Apache Dubbo Hession Deserialization Vulnerability Gadgets Bypass

Severity: moderate

Description:

A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. 

This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version 3.1.0 and prior versions. 

Credit:

yemoli&cxc