
GHSA-gw4j-4229-q4px

GitHub Security Advisory

Server-Side Request Forgery in Apache Dubbo

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

In Apache Dubbo versions prior to 2.6.9 and 2.7.10, use of the parseURL method leads to a bypass of the white host check, which can cause an open redirect or SSRF vulnerability.

Affected Packages

Maven org.apache.dubbo:dubbo
Affected versions: 2.5.0 (fixed in 2.7.10)
Maven com.alibaba:dubbo
Affected versions: 2.5.0 (fixed in 2.6.9)

Related CVEs

Key Information

GHSA ID: GHSA-gw4j-4229-q4px
Published: March 18, 2022 5:56 PM
Last Modified: March 18, 2022 5:56 PM
CVSS Score: 5.0/10
Primary Ecosystem: Maven
Primary Package: org.apache.dubbo:dubbo
GitHub Reviewed: ✓ Yes

Dataset

Last updated: July 28, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.