CVE-2021-25640

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-25640
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-25640.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-25640
Aliases
Published
2021-06-01T14:15:09Z
Modified
2024-10-11T09:41:29Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability.

References

Affected packages

Git / github.com/apache/dubbo

Affected ranges

Type
GIT
Repo
https://github.com/apache/dubbo
Events