CVE-2023-29234

CVE-2023-29234: Bypass serialize checks in Apache Dubbo

Vendor: Apache Software Foundation
Product: Apache Dubbo
Weakness: CWE-502 · Unsafe deserialization
Published: December 15, 2023
Last update: February 13, 2025

What the vulnerability does

Description

A deserialization vulnerability existed when decoding a malicious package. This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, and from 3.2.0 through 3.2.4. Users are recommended to upgrade to the latest version, which fixes the issue.

Key dates

Disclosure timeline

December 15, 2023: CVE published
February 13, 2025: Record updated