CVE-2021-36161
CRITICAL 9.8 | EPSS 2.7%
Remote Code Execution in Apache Dubbo
Published: 2021/9/10 | Modified: 2023/11/8
Description
Some component in Dubbo will try to print the formatted string of the input arguments, which will possibly cause RCE for a maliciously customized bean with a special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13.
Affected packages (1)
- Maven/org.apache.dubbo:dubbo from 0, < 2.7.13
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |