Description
Server-Side Request Forgery in Apache Dubbo
In Apache Dubbo prior to 2.6.9 and 2.7.10, use of the parseURL method leads to a bypass of the white host check, which can cause an open redirect or SSRF vulnerability.
Packages
Name: org.apache.dubbo:dubbo (maven)
Affected versions: >= 2.5.0, < 2.7.10
Fixed version: 2.7.10

Name: com.alibaba:dubbo (maven)
Affected versions: >= 2.5.0, < 2.6.9
Fixed version: 2.6.9
Related vulnerabilities
CVSS3: 6.1
nvd
more than 4 years ago
In Apache Dubbo prior to 2.6.9 and 2.7.9, use of the parseURL method leads to a bypass of the white host check, which can cause an open redirect or SSRF vulnerability.