CVE-2023-46279

CVE-2023-46279: Apache Dubbo: Bypass deny serialize list check in Apache Dubbo

Vendor Apache Software Foundation
Product Apache Dubbo
Weakness CWE-502 · Unsafe deserialization
Published December 15, 2023
Last update February 13, 2025
View on NVD All CVEs

CVSS base score

What the vulnerability does

Description

Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue.

Key dates

Disclosure timeline

December 15, 2023 CVE published
February 13, 2025 Record updated