CVE-2019-17564

Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4, 2.6.0 to 2.6.7, and all 2.5.x versions.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:dubbo:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:dubbo:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:dubbo:*:*:*:*:*:*:*:*

Information

Published : 2020-04-01 15:15

Updated : 2021-03-30 16:15


NVD link : CVE-2019-17564

Mitre link : CVE-2019-17564


JSON object : View

CWE
CWE-502

Deserialization of Untrusted Data

Advertisement

dedicated server usa

Products Affected

apache

  • dubbo