CVE-2021-36161 - OpenCVE

Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Apache	Dubbo

Configuration 1 [-]

cpe:2.3:a:apache:dubbo:*:*:*:*:*:*:*:*

References

Link	Resource
https://lists.apache.org/thread.html/r40212261fd5d638074b65f22ac73eebe93ace310c79d4cfcca4863da%40%3Cdev.dubbo.apache.org%3E	Mailing List Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apache

Published: 2021-09-09T07:45:11

Updated: 2021-09-09T07:45:11

Reserved: 2021-07-06T00:00:00

Link: CVE-2021-36161

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-09-09T08:15:28.667

Modified: 2021-09-17T15:47:23.503

Link: CVE-2021-36161

JSON object: View

Redhat Information

No data.

CWE

CWE-134

{"containers": {"cna": {"affected": [{"product": "Apache Dubbo", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "2.7.12", "status": "affected", "version": "Apache Dubbo 2.7.x", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13"}], "problemTypes": [{"descriptions": [{"description": "Remote Code Execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-09-09T07:45:11", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://lists.apache.org/thread.html/r40212261fd5d638074b65f22ac73eebe93ace310c79d4cfcca4863da%40%3Cdev.dubbo.apache.org%3E"}], "source": {"discovery": "UNKNOWN"}, "title": "Unprotected input value toString cause RCE", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2021-36161", "STATE": "PUBLIC", "TITLE": "Unprotected input value toString cause RCE"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Dubbo", "version": {"version_data": [{"version_affected": "<=", "version_name": "Apache Dubbo 2.7.x", "version_value": "2.7.12"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13"}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": [{}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote Code Execution"}]}]}, "references": {"reference_data": [{"name": "https://lists.apache.org/thread.html/r40212261fd5d638074b65f22ac73eebe93ace310c79d4cfcca4863da%40%3Cdev.dubbo.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/r40212261fd5d638074b65f22ac73eebe93ace310c79d4cfcca4863da%40%3Cdev.dubbo.apache.org%3E"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-36161", "datePublished": "2021-09-09T07:45:11", "dateReserved": "2021-07-06T00:00:00", "dateUpdated": "2021-09-09T07:45:11", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:dubbo:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA1B4A0B-5B2C-466E-8C53-104288083BA2", "versionEndExcluding": "2.7.13", "versionStartIncluding": "2.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13"}, {"lang": "es", "value": "Algunos componentes en Dubbo intentar\u00e1n imprimir la cadena formateada de los argumentos de entrada, lo que posiblemente causar\u00e1 RCE para un bean personalizado maliciosamente con el m\u00e9todo especial toString. En la \u00faltima versi\u00f3n, corregimos la llamada a toString en timeout, cache y algunos otros lugares. Corregido en Apache Dubbo versi\u00f3n 2.7.13"}], "id": "CVE-2021-36161", "lastModified": "2021-09-17T15:47:23.503", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-09T08:15:28.667", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread.html/r40212261fd5d638074b65f22ac73eebe93ace310c79d4cfcca4863da%40%3Cdev.dubbo.apache.org%3E"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "nvd@nist.gov", "type": "Primary"}]}