Apache · Apache Dubbo · CVE-2022-39198
**Name of the Vulnerable Software and Affected Versions**
Apache Dubbo versions 2.7.17 and prior
Apache Dubbo versions 3.0.11 and prior
Apache Dubbo versions 3.1.0 and prior
dubbo hessian-lite versions 3.2.12 and earlier
**Description**
A deserialization vulnerability existed in dubbo hessian-lite, which could lead to malicious code execution.
**Recommendations**
For Apache Dubbo versions 2.7.17 and prior, update to a version later than 2.7.17.
For Apache Dubbo versions 3.0.11 and prior, update to a version later than 3.0.11.
For Apache Dubbo versions 3.1.0 and prior, update to a version later than 3.1.0.
For dubbo hessian-lite versions 3.2.12 and earlier, update to a version later than 3.2.12.