cve/2020/CVE-2020-1948.md

### [CVE-2020-1948](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1948)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20Dubbo&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20Code%20Execution%20through%20Deserialization&color=brighgreen)

### Description

This vulnerability can affect all Dubbo users stay on version 2.7.6 or lower. An attacker can send RPC requests with unrecognized service name or method name along with some malicious parameter payloads. When the malicious parameter is deserialized, it will execute some malicious code. More details can be found below.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/0xT11/CVE-POC
- https://github.com/20142995/Goby
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet
- https://github.com/Armandhe-China/ApacheDubboSerialVuln
- https://github.com/BrittanyKuhn/javascript-tutorial
- https://github.com/CnHack3r/Penetration_PoC
- https://github.com/DSO-Lab/pocscan
- https://github.com/EchoGin404/-
- https://github.com/EchoGin404/gongkaishouji
- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
- https://github.com/HimmelAward/Goby_POC
- https://github.com/L0kiii/Dubbo-deserialization
- https://github.com/M3g4Byt3/cve-2020-1948-poc
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/PalindromeLabs/Java-Deserialization-CVEs
- https://github.com/SexyBeast233/SecBooks
- https://github.com/TrojanAZhen/Self_Back
- https://github.com/Tyro-Shan/gongkaishouji
- https://github.com/Whoopsunix/PPPRASP
- https://github.com/Whoopsunix/PPPVULNS
- https://github.com/YIXINSHUWU/Penetration_Testing_POC
- https://github.com/Z0fhack/Goby_POC
- https://github.com/ZTK-009/Penetration_PoC
- https://github.com/ctlyz123/CVE-2020-1948
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/hasee2018/Penetration_Testing_POC
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/huike007/penetration_poc
- https://github.com/huike007/poc
- https://github.com/huimzjty/vulwiki
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/lz2y/DubboPOC
- https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/password520/Penetration_PoC
- https://github.com/pen4uin/awesome-vulnerability-research
- https://github.com/pen4uin/vulnerability-research
- https://github.com/pen4uin/vulnerability-research-list
- https://github.com/pentration/gongkaishouji
- https://github.com/soosmile/POC
- https://github.com/tanjiti/sec_profile
- https://github.com/txrw/Dubbo-CVE-2020-1948
- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/yedada-wei/-
- https://github.com/yedada-wei/gongkaishouji
- https://github.com/zhengjim/loophole
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2020-1948](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1948)`
			`![](https://img.shields.io/static/v1?label=Product&message=Apache%20Dubbo&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20Code%20Execution%20through%20Deserialization&color=brighgreen)`

			`### Description`

			`This vulnerability can affect all Dubbo users stay on version 2.7.6 or lower. An attacker can send RPC requests with unrecognized service name or method name along with some malicious parameter payloads. When the malicious parameter is deserialized, it will execute some malicious code. More details can be found below.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/0xT11/CVE-POC`
			`- https://github.com/20142995/Goby`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet`
			`- https://github.com/Armandhe-China/ApacheDubboSerialVuln`
			`- https://github.com/BrittanyKuhn/javascript-tutorial`
			`- https://github.com/CnHack3r/Penetration_PoC`
			`- https://github.com/DSO-Lab/pocscan`
			`- https://github.com/EchoGin404/-`
			`- https://github.com/EchoGin404/gongkaishouji`
			`- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet`
			`- https://github.com/HimmelAward/Goby_POC`
			`- https://github.com/L0kiii/Dubbo-deserialization`
			`- https://github.com/M3g4Byt3/cve-2020-1948-poc`
			`- https://github.com/Mr-xn/Penetration_Testing_POC`
			`- https://github.com/PalindromeLabs/Java-Deserialization-CVEs`
			`- https://github.com/SexyBeast233/SecBooks`
Update CVE sources 2024-07-25 21:25 2024-07-25 21:25:12 +00:00			`- https://github.com/TrojanAZhen/Self_Back`
Update CVE sources 2024-06-07 04:52 2024-06-07 04:52:01 +00:00			`- https://github.com/Tyro-Shan/gongkaishouji`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/Whoopsunix/PPPRASP`
			`- https://github.com/Whoopsunix/PPPVULNS`
			`- https://github.com/YIXINSHUWU/Penetration_Testing_POC`
			`- https://github.com/Z0fhack/Goby_POC`
Update Mon May 27 13:12:02 UTC 2024 2024-05-27 13:12:02 +00:00			`- https://github.com/ZTK-009/Penetration_PoC`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/ctlyz123/CVE-2020-1948`
			`- https://github.com/developer3000S/PoC-in-GitHub`
			`- https://github.com/hasee2018/Penetration_Testing_POC`
			`- https://github.com/hectorgie/PoC-in-GitHub`
			`- https://github.com/huike007/penetration_poc`
			`- https://github.com/huike007/poc`
			`- https://github.com/huimzjty/vulwiki`
			`- https://github.com/lions2012/Penetration_Testing_POC`
			`- https://github.com/lz2y/DubboPOC`
			`- https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet`
			`- https://github.com/nomi-sec/PoC-in-GitHub`
			`- https://github.com/password520/Penetration_PoC`
			`- https://github.com/pen4uin/awesome-vulnerability-research`
			`- https://github.com/pen4uin/vulnerability-research`
			`- https://github.com/pen4uin/vulnerability-research-list`
Update CVE sources 2024-08-12 19:01 2024-08-12 19:01:27 +00:00			`- https://github.com/pentration/gongkaishouji`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/soosmile/POC`
			`- https://github.com/tanjiti/sec_profile`
			`- https://github.com/txrw/Dubbo-CVE-2020-1948`
			`- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-`
			`- https://github.com/xuetusummer/Penetration_Testing_POC`
			`- https://github.com/yedada-wei/-`
			`- https://github.com/yedada-wei/gongkaishouji`
			`- https://github.com/zhengjim/loophole`