admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-20 09:50:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

update README.md

Browse Source
This commit is contained in:
tardc 2020-08-21 17:24:17 +08:00
parent 4668743ef7
commit 83900b12f0
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Dubbo/CVE-2020-1948/README.md
View File

@ -1,10 +1,10 @@
# CVE-2020-1948 Dubbo RCE
# CVE-2020-1948 Dubbo RCE
This vulnerability can affect all Dubbo users stay on version 2.7.6 or lower. An attacker can send RPC requests with unrecognized service name or method name along with some malicious parameter payloads. When the malicious parameter is deserialized, it will execute some malicious code.
**Affected version**: apache dubbo 2.5.0 - 2.5.10, 2.6.0 - 2.6.7, 2.7.0 - 2.7.6
**[FOFA]([https://fofa.so/result?q=protocol%3D%3D%22apache-dubbo%22&qbase64=cHJvdG9jb2w9PSJhcGFjaGUtZHViYm8i&file=&file=](https://fofa.so/result?q=protocol%3D%3D"apache-dubbo"&qbase64=cHJvdG9jb2w9PSJhcGFjaGUtZHViYm8i&file=&file=)) query rule**: protocol=="apache-dubbo"
**[FOFA](https://fofa.so/result?q=protocol%3D%3D"apache-dubbo"&qbase64=cHJvdG9jb2w9PSJhcGFjaGUtZHViYm8i&file=&file=) query rule**: protocol=="apache-dubbo"
# Demo