CVE-2023-29234

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-29234
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-29234.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-29234
Aliases
Published
2023-12-15T09:15:07.380Z
Modified
2026-03-15T14:45:43.595335Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A deserialization vulnerability existed when decode a malicious package.This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4.

Users are recommended to upgrade to the latest version, which fixes the issue.

References

Affected packages

Git / github.com/apache/dubbo

Affected ranges

Type
GIT
Repo
https://github.com/apache/dubbo
Events
Introduced
db4007e44527451ceda23aa109b4123949b4210e
Last affected
cbb69a3fdfe66db6c8972d77b5239ba8decb0c9f
Introduced
5cbd95b5d915e9ccad286532873a2b2d09510982
Last affected
aa63f26ab9c5ee4dd5d7543f3d42dec4034974c8
Database specific 
{
    "versions": [
        {
            "introduced": "3.1.0"
        },
        {
            "last_affected": "3.1.10"
        },
        {
            "introduced": "3.2.0"
        },
        {
            "last_affected": "3.2.4"
        }
    ]
}

Affected versions

dubbo-3.*
dubbo-3.0.11
dubbo-3.0.12
dubbo-3.1.0
dubbo-3.1.1
dubbo-3.1.10
dubbo-3.1.2
dubbo-3.1.3
dubbo-3.1.4
dubbo-3.1.5
dubbo-3.1.6
dubbo-3.1.7
dubbo-3.1.8
dubbo-3.1.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-29234.json"