CVE-2020-1948
N/A
N/A
Summary
This vulnerability can affect all Dubbo users stay on version 2.7.6 or lower. An attacker can send RPC requests with unrecognized service name or method name along with some malicious parameter payloads. When the malicious parameter is deserialized, it will execute some malicious code. More details can be found below.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Apache Dubbo | Apache Dubbo 2.5.x, 2.6.0 to 2.6.8, 2.7.0 to 2.7.7 | affected |
Weaknesses
- Remote Code Execution through Deserialization
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.