Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-24969

bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.

Published

2022-06-09T16:15:08.340

Last Modified

2024-11-21T06:51:28.693

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

4.9

Weaknesses

Type: Secondary
CWE-918
Type: Primary
CWE-601
CWE-918

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	dubbo	< 2.6.12	Yes
Application	apache	dubbo	< 2.7.15	Yes

References

https://lists.apache.org/thread/1xbckc3467wfk5r7n2o44r2brdsbwxgr Broken Link ([email protected])
https://lists.apache.org/thread/1xbckc3467wfk5r7n2o44r2brdsbwxgr Broken Link (af854a3a-2127-422b-91ae-364da2661108)