Apache Dubbo 3.1.5 Deserialization of Untrusted Data Vulnerability
CVE-2023-46279 Published on December 15, 2023
Apache Dubbo: Bypass deny serialize list check in Apache Dubbo
Deserialization of Untrusted Data vulnerability in Apache Dubbo. This issue only affects Apache Dubbo 3.1.5.
Users are recommended to upgrade to the latest version, which fixes the issue.
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2023-46279 has been classified as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2023-46279
Affected Versions
Apache Software Foundation Apache Dubbo Version 3.1.5 is affected by CVE-2023-46279
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.