We found results for “”
CVE-2021-30181
Good to know:
Date: June 1, 2021
Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these rules, Dubbo customers use ScriptEngine and run the rule provided by the script which by default may enable executing arbitrary code.
Language: Java
Severity Score
Severity Score
Weakness Type (CWE)
Insufficient Information
NVD-CWE-noinfoTop Fix
Upgrade Version
Upgrade to version com.alibaba:dubbo-cluster:2.6.10;com.alibaba:dubbo:2.6.10;org.apache.dubbo:dubbo-cluster:2.7.10;org.apache.dubbo:dubbo:2.7.10
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | LOW |
Authentication (AU): | NONE |
Confidentiality (C): | PARTIAL |
Integrity (I): | PARTIAL |
Availability (A): | PARTIAL |
Additional information: |