CVE-2021-25640

Summary

In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache DubboApache Dubbo 2.7.x < 2.7.9affected
Apache Software FoundationApache DubboApache Dubbo 2.6.x < 2.6.9affected

Weaknesses

  • CWE-918: CWE-918 Server-Side Request Forgery (SSRF)

ADP Enrichment

CVE Program Container

Additional References

References