Severity: moderate Affected versions:
- Apache Dubbo 3.1.0 through 3.1.10 - Apache Dubbo 3.2.0 through 3.2.4 Description: A deserialization vulnerability existed when decode a malicious package.This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Users are recommended to upgrade to the latest version, which fixes the issue. Credit: Bofei Chen, Lei Zhang, Guangliang Yang, Keke Lian and Xinyou Huang (finder) References: https://dubbo.apache.org/ https://www.cve.org/CVERecord?id=CVE-2023-29234