CVE-2023-29234

Summary

A deserialization vulnerability existed when decode a malicious package.This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4.

Users are recommended to upgrade to the latest version, which fixes the issue.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Dubbo3.1.0 <= 3.1.10affected
Apache Software FoundationApache Dubbo3.2.0 <= 3.2.4affected

Weaknesses

  • CWE-502: CWE-502 Deserialization of Untrusted Data

ADP Enrichment

CVE Program Container

Additional References

References