Severity: low

The Dubbo Project Team

Versions Affected:
Dubbo 2.7.0 to 2.7.14
Dubbo 2.6.0 to 2.6.12

The fix for CVE-2021-25640 can be bypassed by certain means.
As stated in CVE-2021-25640, use of the parseURL method leads to a bypass of
the white host check, which can cause an open redirect or SSRF vulnerability.

Upgrade to 2.7.15 or the latest 3.0.x, depending on the version
currently in use.
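
To locate builds that fall in the affected ranges listed above, the following added example (not part of the advisory and not Dubbo project code) scans Maven-style dependency coordinates such as `mvn dependency:list` output. It assumes the `org.apache.dubbo` and `com.alibaba` group ids and ignores version qualifiers; the sample lines are constructed.

```python
import re

# Affected ranges from the advisory (inclusive):
#   2.7.0 to 2.7.14 and 2.6.0 to 2.6.12
# Maps (major, minor) -> highest affected patch level.
AFFECTED = {(2, 7): 14, (2, 6): 12}

# Matches coordinates such as "org.apache.dubbo:dubbo:jar:2.7.8:compile"
# or the shorter "org.apache.dubbo:dubbo:2.7.8".
# Assumption: artifacts whose id starts with "dubbo" under these two group
# ids carry the Dubbo release version. Qualifiers (-SNAPSHOT etc.) are ignored.
COORD = re.compile(
    r"\b(org\.apache\.dubbo|com\.alibaba):(dubbo[\w.-]*):"
    r"(?:[\w-]+:){0,2}"          # optional packaging type and classifier
    r"(\d+)\.(\d+)\.(\d+)"
)


def affected_dubbo(lines):
    """Return (coordinate, version) pairs that fall in an affected range."""
    hits = []
    for line in lines:
        for m in COORD.finditer(line):
            major, minor, patch = (int(m.group(i)) for i in (3, 4, 5))
            last_affected = AFFECTED.get((major, minor))
            if last_affected is not None and patch <= last_affected:
                coord = f"{m.group(1)}:{m.group(2)}"
                hits.append((coord, f"{major}.{minor}.{patch}"))
    return hits


# Constructed sample input in the style of `mvn dependency:list`.
SAMPLE = """\
[INFO]    org.apache.dubbo:dubbo:jar:2.7.14:compile
[INFO]    org.apache.dubbo:dubbo:jar:2.7.15:compile
[INFO]    com.alibaba:dubbo:jar:2.6.12:compile
[INFO]    org.apache.dubbo:dubbo-registry-zookeeper:jar:3.0.5:compile
[INFO]    org.springframework:spring-core:jar:5.3.9:compile
""".splitlines()

if __name__ == "__main__":
    for coord, version in affected_dubbo(SAMPLE):
        print(f"AFFECTED {coord} {version}: upgrade to 2.7.15 or latest 3.0.x")
```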

This issue was first reported by Oleg
