admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-06 02:31:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
GobyVuls/Dubbo/CVE-2020-1948
History
tardc 83900b12f0 update README.md
2020-08-21 17:24:17 +08:00
..
CVE-2020-1948.gif
Add CVE-2020-1948
2020-08-21 17:22:05 +08:00
README.md
update README.md
2020-08-21 17:24:17 +08:00

README.md

CVE-2020-1948 Dubbo RCE

This vulnerability can affect all Dubbo users stay on version 2.7.6 or lower. An attacker can send RPC requests with unrecognized service name or method name along with some malicious parameter payloads. When the malicious parameter is deserialized, it will execute some malicious code.

Affected version: apache dubbo 2.5.0 - 2.5.10, 2.6.0 - 2.6.7, 2.7.0 - 2.7.6

FOFA query rule: protocol=="apache-dubbo"

Demo