Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unprotected input value toString cause RCE
Vulnerability Description
Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Dubbo 格式化字符串错误漏洞
Vulnerability Description
Apache Dubbo是美国阿帕奇(Apache)基金会的一款基于Java的轻量级RPC(远程过程调用)框架。该产品提供了基于接口的远程呼叫、容错和负载平衡以及自动服务注册和发现等功能。 Apache Dubbo 存在格式化字符串错误漏洞,该漏洞源于 Dubbo 中的某些组件会尝试打印输入参数的格式化字符串,这可能会导致具有特殊 toString 方法的恶意定制 bean 的 RCE。
CVSS Information
N/A
Vulnerability Type
N/A