GHSA-933g-v89r-x8pf

GitHub Security Advisory

Apache Dubbo vulnerable to Deserialization of Untrusted Data

✓ GitHub Reviewed | CRITICAL | Has CVE

Advisory Details

A deserialization vulnerability existed in Apache Dubbo's generic invoke, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions.

Affected Packages

Maven org.apache.dubbo:dubbo | Affected versions: 0 (fixed in 2.7.22)
Maven org.apache.dubbo:dubbo | Affected versions: 3.0.0 (fixed in 3.0.13)
Maven org.apache.dubbo:dubbo | Affected versions: 3.1.0 (fixed in 3.1.5)

Key Information

GHSA ID: GHSA-933g-v89r-x8pf
Published: March 8, 2023 12:30 PM
Last Modified: March 14, 2023 7:59 PM
CVSS Score: 9.0/10
Primary Ecosystem: Maven
Primary Package: org.apache.dubbo:dubbo
GitHub Reviewed: ✓ Yes

Dataset

Last updated: July 28, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.