9.8
CVE-2023-46279
- EPSS 1.49%
- Veröffentlicht 15.12.2023 09:15:07
- Zuletzt bearbeitet 13.02.2025 18:15:34
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
LoginApache Dubbo: Bypass deny serialize list check in Apache Dubbo
Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.49% | 0.809 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.