CVE-2021-36161 is a vulnerability in Apache Dubbo
Published on September 9, 2021

Unprotected input value toString cause RCE
Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13

NVD

Products Associated with CVE-2021-36161

Want to know whenever a new CVE is published for Apache Dubbo? stack.watch will email you.

Apache Dubbo

Affected Versions

Apache Software Foundation Apache Dubbo:

Version Apache Dubbo 2.7.x, <= 2.7.12 is affected.

Exploit Probability

EPSS

2.73%

Percentile

85.77%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-36161 is a vulnerability in Apache DubboPublished on September 9, 2021

Products Associated with CVE-2021-36161

Affected Versions

Exploit Probability

CVE-2021-36161 is a vulnerability in Apache Dubbo
Published on September 9, 2021