CVE-2022-24969
Description
bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
2.387
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2022-24969 are fixed in Alibaba-dubbo 2.6.12 | Windows |
| Vulnerabilities CVE-2022-24969,CVE-2021-43297 are fixed in Apache-dubbo 2.7.15 | Windows |
| Vulnerabilities CVE-2022-24969 are fixed in Alibaba-dubbo for Linux 2.6.12 | Linux |
| Vulnerabilities CVE-2022-24969,CVE-2021-43297 are fixed in Apache-dubbo for Linux 2.7.15 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234