Vulnerability Details CVE-2021-25640
In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 79.1%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 5.8
References
- https://lists.apache.org/thread.html/re4cab8855361a454d2af106fb3dad76259e723015fd7e09cb4f9eb77%40%3Cdev.dubbo.apache.org%3E
- https://lists.apache.org/thread.html/re4cab8855361a454d2af106fb3dad76259e723015fd7e09cb4f9eb77%40%3Cdev.dubbo.apache.org%3E
- https://lists.apache.org/thread.html/re4cab8855361a454d2af106fb3dad76259e723015fd7e09cb4f9eb77%40%3Cdev.dubbo.apache.org%3E
- https://lists.apache.org/thread.html/re4cab8855361a454d2af106fb3dad76259e723015fd7e09cb4f9eb77%40%3Cdev.dubbo.apache.org%3E
- https://lists.apache.org/thread.html/re4cab8855361a454d2af106fb3dad76259e723015fd7e09cb4f9eb77%40%3Cdev.dubbo.apache.org%3E
- https://lists.apache.org/thread.html/re4cab8855361a454d2af106fb3dad76259e723015fd7e09cb4f9eb77%40%3Cdev.dubbo.apache.org%3E
- https://lists.apache.org/thread.html/re4cab8855361a454d2af106fb3dad76259e723015fd7e09cb4f9eb77%40%3Cdev.dubbo.apache.org%3E
- https://lists.apache.org/thread.html/re4cab8855361a454d2af106fb3dad76259e723015fd7e09cb4f9eb77%40%3Cdev.dubbo.apache.org%3E
Products affected by CVE-2021-25640
-
cpe:2.3:a:apache:dubbo:2.5.0
-
cpe:2.3:a:apache:dubbo:2.5.1
-
cpe:2.3:a:apache:dubbo:2.5.10
-
cpe:2.3:a:apache:dubbo:2.5.2
-
cpe:2.3:a:apache:dubbo:2.5.3
-
cpe:2.3:a:apache:dubbo:2.5.4
-
cpe:2.3:a:apache:dubbo:2.5.5
-
cpe:2.3:a:apache:dubbo:2.5.6
-
cpe:2.3:a:apache:dubbo:2.5.7
-
cpe:2.3:a:apache:dubbo:2.5.8
-
cpe:2.3:a:apache:dubbo:2.5.9
-
cpe:2.3:a:apache:dubbo:2.6.0
-
cpe:2.3:a:apache:dubbo:2.6.1
-
cpe:2.3:a:apache:dubbo:2.6.2
-
cpe:2.3:a:apache:dubbo:2.6.3
-
cpe:2.3:a:apache:dubbo:2.6.4
-
cpe:2.3:a:apache:dubbo:2.6.5
-
cpe:2.3:a:apache:dubbo:2.6.6
-
cpe:2.3:a:apache:dubbo:2.6.7
-
cpe:2.3:a:apache:dubbo:2.6.8
-
cpe:2.3:a:apache:dubbo:2.7.0
-
cpe:2.3:a:apache:dubbo:2.7.1
-
cpe:2.3:a:apache:dubbo:2.7.2
-
cpe:2.3:a:apache:dubbo:2.7.3
-
cpe:2.3:a:apache:dubbo:2.7.4
-
cpe:2.3:a:apache:dubbo:2.7.4.1
-
cpe:2.3:a:apache:dubbo:2.7.5
-
cpe:2.3:a:apache:dubbo:2.7.6
-
cpe:2.3:a:apache:dubbo:2.7.7
-
cpe:2.3:a:apache:dubbo:2.7.8