
=====================================================================

                               CERT-Renater

                    Information Note No. 2022/VULN389

_____________________________________________________________________

DATE                : 18/10/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Dubbo versions up to and
                               including .

=====================================================================
https://lists.apache.org/thread/ot7hklf7vc951dw6nmwvsg6n0by3rs4n
_____________________________________________________________________

CVE-2022-39198: Apache Dubbo Hessian Deserialization Vulnerability
Gadgets Bypass

Severity: mode
A deserialization vulnerability existed in Dubbo hessian-lite 3.2.12
and its earlier versions, which could lead to malicious code
execution.

This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior
versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions;
Apache Dubbo 3.1.x version 3.1.0 and prior versions.
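
Added example (not part of the CERT-Renater or Apache advisory): a Python
check that flags Dubbo and hessian-lite entries in a Maven dependency
listing against the version ranges stated above. The Maven coordinates
(group org.apache.dubbo, artifact names starting with "dubbo",
artifact "hessian-lite") and the `mvn dependency:list` line format are
assumptions; the sample listing is constructed.

```python
import re

# Inclusive ceilings of the affected ranges, exactly as stated in the advisory.
DUBBO_CEILINGS = {(2, 7): (2, 7, 17), (3, 0): (3, 0, 11), (3, 1): (3, 1, 0)}
HESSIAN_LITE_CEILING = (3, 2, 12)

# Assumed line format: group:artifact:type:version[:scope]
COORD = re.compile(r"([\w.\-]+):([\w.\-]+):[\w\-]+:(\d+(?:\.\d+)*)([\w.\-]*)")

# Constructed sample in `mvn dependency:list` style, not from a real project.
SAMPLE = """\
[INFO]    org.apache.dubbo:dubbo:jar:2.7.17:compile
[INFO]    com.alibaba:hessian-lite:jar:3.2.13:compile
[INFO]    org.apache.dubbo:dubbo-spring-boot-starter:jar:3.1.1:compile
[INFO]    org.apache.dubbo:dubbo:jar:3.2.0:compile
"""


def parse_version(text):
    """Numeric part of a version, padded to three fields: '3.1' -> (3, 1, 0)."""
    nums = [int(n) for n in text.split(".")[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def classify(artifact, version):
    """Compare one dependency against the ranges the advisory states."""
    v = parse_version(version)
    if artifact == "hessian-lite":
        return "affected" if v <= HESSIAN_LITE_CEILING else "above-affected-range"
    ceiling = DUBBO_CEILINGS.get(v[:2])
    if ceiling is None:
        return "not-listed"  # release line the advisory does not mention
    return "affected" if v <= ceiling else "above-affected-range"


def scan(dependency_listing):
    """Return (coordinate, verdict) for each Dubbo or hessian-lite entry."""
    findings = []
    for group, artifact, version, suffix in COORD.findall(dependency_listing):
        is_dubbo = group == "org.apache.dubbo" and artifact.startswith("dubbo")
        if is_dubbo or artifact == "hessian-lite":
            coord = f"{group}:{artifact}:{version}{suffix}"
            findings.append((coord, classify(artifact, version)))
    return findings


if __name__ == "__main__":
    for coord, verdict in scan(SAMPLE):
        print(f"{verdict:22} {coord}")
```

Version qualifiers such as -SNAPSHOT are ignored in the comparison, and
"not-listed" means the advisory text says nothing about that release
line, not that it is safe.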


Credit:

yemoli&cxc


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================


