A deserialization vulnerability existed when decode a malicious package.This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Users are recommended to upgrade to the latest version, which fixes the issue.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.apache.dubbo:dubbo(Maven) | 3.1.0 | 3.1.11 | N/A |
| org.apache.dubbo:dubbo(Maven) | 3.2.0 | 3.2.5 | N/A |
CVSS Metrics
