Server-Side Request Forgery in Apache Dubbo
Moderate severity
GitHub Reviewed
Published
Mar 18, 2022
to the GitHub Advisory Database
•
Updated Jan 29, 2023
Description
Published by the National Vulnerability Database
Jun 1, 2021
Reviewed
Jun 2, 2021
Published to the GitHub Advisory Database
Mar 18, 2022
Last updated
Jan 29, 2023
In Apache Dubbo prior to 2.6.9 and 2.7.10, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability.
References