admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-06 02:31:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add CVE-2020-1948

Browse Source
This commit is contained in:
tardc 2020-08-21 17:22:05 +08:00
parent c27cb091c7
commit 4668743ef7
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
Dubbo/CVE-2020-1948/CVE-2020-1948.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 813 KiB

11
Dubbo/CVE-2020-1948/README.md Normal file
View File

@ -0,0 +1,11 @@
# CVE-2020-1948 Dubbo RCE
This vulnerability can affect all Dubbo users stay on version 2.7.6 or lower. An attacker can send RPC requests with unrecognized service name or method name along with some malicious parameter payloads. When the malicious parameter is deserialized, it will execute some malicious code.
**Affected version**: apache dubbo 2.5.0 - 2.5.10, 2.6.0 - 2.6.7, 2.7.0 - 2.7.6
**[FOFA]([https://fofa.so/result?q=protocol%3D%3D%22apache-dubbo%22&qbase64=cHJvdG9jb2w9PSJhcGFjaGUtZHViYm8i&file=&file=](https://fofa.so/result?q=protocol%3D%3D"apache-dubbo"&qbase64=cHJvdG9jb2w9PSJhcGFjaGUtZHViYm8i&file=&file=)) query rule**: protocol=="apache-dubbo"
# Demo
![](CVE-2020-1948.gif)