Vulnerability Details CVE-2021-30180
Apache Dubbo prior to 2.7.9 supports Tag routing, which enables a customer to route a request to the right server. Customers use these rules when making a request in order to find the right endpoint. When parsing these YAML rules, Dubbo customers may enable calling arbitrary constructors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.032
EPSS Ranking 86.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 6.8
Products affected by CVE-2021-30180
- cpe:2.3:a:apache:dubbo:2.7.0
- cpe:2.3:a:apache:dubbo:2.7.1
- cpe:2.3:a:apache:dubbo:2.7.2
- cpe:2.3:a:apache:dubbo:2.7.3
- cpe:2.3:a:apache:dubbo:2.7.4
- cpe:2.3:a:apache:dubbo:2.7.4.1
- cpe:2.3:a:apache:dubbo:2.7.5
- cpe:2.3:a:apache:dubbo:2.7.6
- cpe:2.3:a:apache:dubbo:2.7.7
- cpe:2.3:a:apache:dubbo:2.7.8
- cpe:2.3:a:apache:dubbo:2.7.9