
Yemoli、R1Ckyz、Koishi、Cxc

#23550de 53,639
10 CVSS total
Vulnerabilities · 1
PT-2023-3056
10
2023-03-08
Apache · Apache Dubbo · CVE-2023-23638
**Name of the Vulnerable Software and Affected Versions**

Apache Dubbo versions 2.7.21 and prior
Apache Dubbo versions 3.0.13 and prior
Apache Dubbo versions 3.1.5 and prior

**Description**

A deserialization vulnerability exists in the Dubbo generic invoke feature, which can lead to malicious code execution. The issue lies in the deserialization mechanism of the Apache Dubbo RPC framework and allows a remote attacker to execute arbitrary code.

**Recommendations**

For Apache Dubbo versions 2.7.21 and prior, update to a version later than 2.7.21.
For Apache Dubbo versions 3.0.13 and prior, update to a version later than 3.0.13.
For Apache Dubbo versions 3.1.5 and prior, update to a version later than 3.1.5.

As a temporary workaround, consider disabling the Dubbo generic invoke functionality until a patch is available. Restrict access to the vulnerable RPC endpoint to minimize the risk of exploitation.