Severity: moderate

Affected versions:

- Apache Dubbo 3.1.0 through 3.1.10
- Apache Dubbo 3.2.0 through 3.2.4

Description:

A deserialization vulnerability existed when decoding a malicious package. This
issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4.

Users are recommended to upgrade to the latest version, which fixes the issue.

Credit:

Bofei Chen, Lei Zhang, Guangliang Yang, Keke Lian and Xinyou Huang (finder)

References:

https://dubbo.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-29234
