CVE-2022-24969

Summary

bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache DubboApache Dubbo 2.7.x < 2.7.15affected
Apache Software FoundationApache DubboApache Dubbo 2.6.x <= 2.6.12affected

Weaknesses

  • CWE-918: bypass CVE-2021-25640 (CWE-918 Server-Side Request Forgery (SSRF))

ADP Enrichment

CVE Program Container

Additional References

References