Security Advisory

CVE-2021-36161

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-09-09 07:45:11

Last updated 2024-08-04 00:47:43

Assigner apache

State PUBLISHED

Description

Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13

← Browse all CVEs View on cve.org ↗