CVE-2021-30180 is a vulnerability in Apache Dubbo
Published on June 1, 2021

Apache Dubbo RCE on customers via Condition route poisoning (Unsafe YAML unmarshaling)
Apache Dubbo prior to 2.7.9 support Tag routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these YAML rules, Dubbo customers may enable calling arbitrary constructors.

NVD

Products Associated with CVE-2021-30180

Want to know whenever a new CVE is published for Apache Dubbo? stack.watch will email you.

Apache Dubbo

Affected Versions

Apache Software Foundation Apache Dubbo:

Version Apache Dubbo 2.7.x and below 2.7.9 is affected.

Exploit Probability

EPSS

4.40%

Percentile

88.84%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-30180 is a vulnerability in Apache DubboPublished on June 1, 2021

Products Associated with CVE-2021-30180

Affected Versions

Exploit Probability

CVE-2021-30180 is a vulnerability in Apache Dubbo
Published on June 1, 2021