Basic Information

| Field | Value |
|---|---|
| CVSS Score | - |
| CVE ID | - |
| GHSA ID | - |
| EPSS Score | - |
| CWE | - |
| Published | - |
| Updated | - |
| KEV Status | - |
| Technology | - |
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.dubbo:dubbo | maven | >= 3.1.0, < 3.1.11 | 3.1.11 |
| org.apache.dubbo:dubbo | maven | >= 3.2.0, < 3.2.5 | 3.2.5 |
The vulnerability involves bypassing serialization checks when deserializing attacker-supplied payloads. The key components are likely to be:

1) The RPC invocation decoding process (DecodeableRpcInvocation), which handles parameter deserialization.
2) The generic call handling (GenericFilter), which has historically been involved in serialization validation.

Both are critical points where insufficient class validation could allow deserialization of untrusted data. The CWE-502 classification and Dubbo's RPC architecture strongly suggest that these components are involved in the serialization security controls affected here.