CVE-2023-46279: Apache Dubbo: Bypass deny serialize list check in Apache Dubbo

December 15, 2023 (updated February 13, 2025)

Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5.

Users are recommended to upgrade to the latest version, which fixes the issue.

References

github.com/advisories/GHSA-97rv-88gf-phvr
github.com/apache/dubbo
lists.apache.org/thread/zw53nxrkrfswmk9n3sfwxmcj7x030nmo
nvd.nist.gov/vuln/detail/CVE-2023-46279

Code Behaviors & Features

Detect and mitigate CVE-2023-46279 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →