This vulnerability can affect all Dubbo users stay on version 2.7.6 or lower. An attacker can send RPC requests with unrecognized service name or method name along with some malicious parameter payloads. When the malicious parameter is deserialized, it will execute some malicious code. More details can be found below.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2020-07-14T13:11:31
Updated: 2020-07-14T13:11:31
Reserved: 2019-12-02T00:00:00
Link: CVE-2020-1948
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-07-14T14:15:17.790
Modified: 2020-07-21T17:50:26.387
Link: CVE-2020-1948
JSON object: View
Redhat Information
No data.
CWE