CVE-2021-25640
Description
In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.705
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-30179,CVE-2021-30181,CVE-2021-25640,CVE-2021-25641 are fixed in Alibaba-dubbo 2.6.9 | Windows |
| Vulnerabilities CVE-2021-30180,CVE-2021-30179,CVE-2021-30181,CVE-2021-25640 are fixed in Apache-dubbo 2.7.10 | Windows |
| Vulnerabilities CVE-2021-30179,CVE-2021-30181,CVE-2021-25640,CVE-2021-25641 are fixed in Alibaba-dubbo for Linux 2.6.9 | Linux |
| Vulnerabilities CVE-2021-30180,CVE-2021-30179,CVE-2021-30181,CVE-2021-25640 are fixed in Apache-dubbo for Linux 2.7.10 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234