PT-2022-17019 · Apache · Apache Dubbo

Published

2022-06-06

Updated

2022-06-15

CVE-2022-24969

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Apache Dubbo versions prior to 2.6.12 and 2.7.15

Description The issue arises from the usage of the parseURL method, which can lead to the bypass of the white host check. This can cause open redirect or Server-Side Request Forgery (SSRF) issues. SSRF occurs when an attacker can manipulate a server into making unauthorized requests, potentially leading to access of sensitive data or systems.

Recommendations For versions prior to 2.6.12, update to version 2.6.12 or later. For versions prior to 2.7.15, update to version 2.7.15 or later.

Fix

Open Redirect

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601CWE-918

Related Identifiers

CVE-2022-24969

GHSA-GM48-83X4-84JG

Affected Products

Apache Dubbo

PT-2022-17019 · Apache · Apache Dubbo

CVE-2022-24969

Weakness Enumeration

Related Identifiers

Affected Products

References · 7