Bing Dong

**Name of the Vulnerable Software and Affected Versions** Apache Dubbo versions prior to 2.6.9 and 2.7.9 Apache Dubbo versions prior to 2.6.9 and 2.7.10 Apache Dubbo versions prior to 2.6.12 and 2.7.15 However, to consolidate the ranges of affected versions into the most concise form and avoid redundant or overlapping statements, the above can be simplified to: Apache Dubbo versions prior to 2.6.12 and 2.7.15 **Description** The usage of the `parseURL` method in Apache Dubbo can lead to the bypass of the white host check, potentially causing open redirect or Server-Side Request Forgery (SSRF) issues. **Recommendations** For versions prior to 2.6.12 and 2.7.15, update to version 2.6.12 or 2.7.15 or later to resolve the issue. As a temporary workaround, consider restricting the usage of the `parseURL` method until a patch is available.