CVE-2021-30181 is a vulnerability in Apache Dubbo
Published on June 1, 2021
Apache Dubbo RCE on customers via Script route poisoning (Nashorn script injection)
Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these rules, Dubbo customers use ScriptEngine and run the rule provided by the script which by default may enable executing arbitrary code.
Products Associated with CVE-2021-30181
Want to know whenever a new CVE is published for Apache Dubbo? stack.watch will email you.
Affected Versions
Apache Software Foundation Apache Dubbo:- Version Apache Dubbo 2.7.x and below 2.7.9 is affected.
- Version Apache Dubbo 2.6.x and below 2.6.9 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.