Apache Dubbo CVE-2019-17564 is a vulnerability in Apache Dubbo
Published on April 1, 2020

Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4, 2.6.0 to 2.6.7, and all 2.5.x versions.

NVD


Products Associated with CVE-2019-17564


Affected Versions

Apache Dubbo:

Exploit Probability

EPSS: 94.05%
Percentile: 99.90%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.