CVE-2023-46279
Apache Dubbo: Bypass deny serialize list check in Apache Dubbo
9.8
CRITICAL
CVSS 3.1
EPSS 1.5%
Description
Deserialization of Untrusted Data vulnerability in Apache Dubbo. This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue.
How to fix CVE-2023-46279
To remediate CVE-2023-46279, upgrade the affected package to a fixed version below.
- Maven/org.apache.dubbo:dubbo: upgrade to 3.1.6 or later
Is CVE-2023-46279 being exploited?
Low — EPSS is 1.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Maven/org.apache.dubbo:dubbo: >= 3.1.5, < 3.1.6
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL (9.8) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |