org.apache.dubbo:dubbo-common@2.7.14 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.dubbo:dubbo-common package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Deserialization of Untrusted Data org.apache.dubbo:dubbo-common is a high-performance, java based, open source RPC framework. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to improper sanitization when Dubbo generic invoked. How to fix Deserialization of Untrusted Data? Upgrade `org.apache.dubbo:dubbo-common` to version 2.7.22, 3.0.14, 3.1.6 or higher.	[,2.7.22) [3.0.0,3.0.14) [3.1.0,3.1.6)
M Open Redirect org.apache.dubbo:dubbo-common is a high-performance, java based, open source RPC framework. Affected versions of this package are vulnerable to Open Redirect due to the usage of `parseURL` method which can lead to a bypass of the white host check. This is a bypass of CVE-2021-25640 . How to fix Open Redirect? Upgrade `org.apache.dubbo:dubbo-common` to version 2.6.12, 2.7.15 or higher.	[,2.6.12) [2.7.0,2.7.15)
M NULL Pointer Dereference org.apache.dubbo:dubbo-common is a high-performance, java based, open source RPC framework. Affected versions of this package are vulnerable to NULL Pointer Dereference. When the `parseURL()`/`parseURLs()` functions receive an empty address as an argument, or `getDefaultExtension()` return a null valued `defaultextension`, a null pointer dereference might occur leading to a potential crash. How to fix NULL Pointer Dereference? Upgrade `org.apache.dubbo:dubbo-common` to version 2.7.15, 3.0.2 or higher.	[,2.7.15) [3.0.0,3.0.2)