CVE-2020-1948 PoC — Apache Dubbo 代码问题漏洞

Source

https://github.com/richardzhangcmplx/Dubbo-deserialization

Associated Vulnerability

Title:Apache Dubbo 代码问题漏洞 (CVE-2020-1948)
Description:Apache Dubbo是美国阿帕奇软件（Apache Software）基金会的一款基于Java的轻量级RPC（远程过程调用）框架。该产品提供了基于接口的远程呼叫、容错和负载平衡以及自动服务注册和发现等功能。 Apache Dubbo 2.7.6及之前版本中的反序列化工具hessian存在安全漏洞。远程攻击者可利用该漏洞执行代码。

Description

[CVE-2020-1948] Apache Dubbo Provider default deserialization cause RCE

File Snapshot


 None

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!