Apache Dubbo — Vulnerabilities & Security Advisories 18

All 18 CVE vulnerabilities found in Apache Dubbo, with AI-generated Chinese analysis, references, and POCs.

Vendor: Apache

CVE ID	Title	CVSS	Severity	Published
CVE-2023-46279	Apache Dubbo: Bypass deny serialize list check in Apache Dubbo CWE-502	9.8	-	2023-12-15
CVE-2023-29234	Bypass serialize checks in Apache Dubbo CWE-502	9.8	-	2023-12-15
CVE-2023-23638	Apache Dubbo Deserialization Vulnerability Gadgets Bypass CWE-502	5.0	Medium	2023-03-08
CVE-2022-39198	Apache Dubbo Hession Deserialization Vulnerability Gadgets Bypass CWE-502	9.8	-	2022-10-18
CVE-2022-24969	bypass of CVE-2021-25640 CWE-918	6.1	-	2022-06-06
CVE-2021-43297	Dubbo Hessian cause RCE when parse error CWE-502	9.8	-	2022-01-10
CVE-2021-37579	Bypass deserialization checks in Apache Dubbo	9.8	-	2021-09-09
CVE-2021-36161	Unprotected input value toString cause RCE	9.8	-	2021-09-09
CVE-2021-36163	Unsafe deserialization in providers using the Hessian protocol	9.1	-	2021-09-07
CVE-2021-36162	Unprotected yaml deserialization cause RCE	8.8	-	2021-09-07
CVE-2021-30180	Apache Dubbo RCE on customers via Condition route poisoning (Unsafe YAML unmarshaling)	9.8	-	2021-05-31
CVE-2021-30179	Apache Dubbo Pre-auth RCE via Java deserialization in the Generic filter	9.8	-	2021-05-31
CVE-2021-25640	Open Redirect or SSRF vulnerability usage of parseURL CWE-918	8.2	-	2021-05-31
CVE-2021-30181	Apache Dubbo RCE on customers via Script route poisoning (Nashorn script injection)	9.8	-	2021-05-29
CVE-2021-25641	Dubbo Zookeeper does not check serialization id	9.8	-	2021-05-29
CVE-2020-11995	Apache Dubbo default deserialization protocol Hessian2 cause CRE CWE-502	9.8	-	2021-01-11
CVE-2020-1948	Apache Dubbo 代码问题漏洞	9.8	-	2020-07-14
CVE-2019-17564	Apache Dubbo 安全漏洞	9.8	-	2020-04-01

All 18 known CVE vulnerabilities affecting Apache Dubbo with full Chinese analysis, references, and POCs where available.