org.apache.dubbo:dubbo-common 3.0.0.preview vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.dubbo:dubbo-common package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Deserialization of Untrusted Data org.apache.dubbo:dubbo-common is a high-performance, java based, open source RPC framework. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to improper sanitization when Dubbo generic invoked. How to fix Deserialization of Untrusted Data? Upgrade `org.apache.dubbo:dubbo-common` to version 2.7.22, 3.0.14, 3.1.6 or higher.	[,2.7.22)[3.0.0,3.0.14)[3.1.0,3.1.6)
M NULL Pointer Dereference org.apache.dubbo:dubbo-common is a high-performance, java based, open source RPC framework. Affected versions of this package are vulnerable to NULL Pointer Dereference. When the `parseURL()`/`parseURLs()` functions receive an empty address as an argument, or `getDefaultExtension()` return a null valued `defaultextension`, a null pointer dereference might occur leading to a potential crash. How to fix NULL Pointer Dereference? Upgrade `org.apache.dubbo:dubbo-common` to version 2.7.15, 3.0.2 or higher.	[,2.7.15)[3.0.0,3.0.2)
M Deserialization of Untrusted Data org.apache.dubbo:dubbo-common is a high-performance, java based, open source RPC framework. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The `Dubbo Provider` will check that the incoming request and the corresponding serialization type of the request meet the configuration set by the server. However, there is an exception that the attacker can use to skip the security check (when enabled) and reach a deserialization operation with native Java serialization. How to fix Deserialization of Untrusted Data? Upgrade `org.apache.dubbo:dubbo-common` to version 2.7.13, 3.0.2 or higher.	[,2.7.13)[3.0.0,3.0.2)

Vulnerability

Vulnerable Version

Deserialization of Untrusted Data

org.apache.dubbo:dubbo-common is a high-performance, java based, open source RPC framework.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to improper sanitization when Dubbo generic invoked.

How to fix Deserialization of Untrusted Data?

Upgrade org.apache.dubbo:dubbo-common to version 2.7.22, 3.0.14, 3.1.6 or higher.

[,2.7.22)[3.0.0,3.0.14)[3.1.0,3.1.6)

NULL Pointer Dereference

org.apache.dubbo:dubbo-common is a high-performance, java based, open source RPC framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference. When the parseURL()/parseURLs() functions receive an empty address as an argument, or getDefaultExtension() return a null valued defaultextension, a null pointer dereference might occur leading to a potential crash.

How to fix NULL Pointer Dereference?

Upgrade org.apache.dubbo:dubbo-common to version 2.7.15, 3.0.2 or higher.

[,2.7.15)[3.0.0,3.0.2)

Deserialization of Untrusted Data

org.apache.dubbo:dubbo-common is a high-performance, java based, open source RPC framework.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The Dubbo Provider will check that the incoming request and the corresponding serialization type of the request meet the configuration set by the server. However, there is an exception that the attacker can use to skip the security check (when enabled) and reach a deserialization operation with native Java serialization.

How to fix Deserialization of Untrusted Data?

Upgrade org.apache.dubbo:dubbo-common to version 2.7.13, 3.0.2 or higher.

[,2.7.13)[3.0.0,3.0.2)

org.apache.dubbo:dubbo-common@3.0.0.preview vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically