CVE-2023-46279

Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://www.openwall.com/lists/oss-security/2023/12/15/3	Mailing List Vendor Advisory
https://lists.apache.org/thread/zw53nxrkrfswmk9n3sfwxmcj7x030nmo	Mailing List Vendor Advisory
http://www.openwall.com/lists/oss-security/2023/12/15/3	Mailing List Vendor Advisory
https://lists.apache.org/thread/zw53nxrkrfswmk9n3sfwxmcj7x030nmo	Mailing List Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:dubbo:3.1.5:*:*:*:*:*:*:*

History

13 Feb 2025, 18:15

Type	Values Removed	Values Added
Summary	~~(en) Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue.~~	(en) Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue.

Information

Published : 2023-12-15 09:15

Updated : 2025-02-13 18:15

NVD link : CVE-2023-46279

Mitre link : CVE-2023-46279

CVE.ORG link : CVE-2023-46279

JSON object : View

Products Affected

apache

dubbo

CWE

CWE-502

Deserialization of Untrusted Data

9.8 /10