Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these rules, Dubbo customers use ScriptEngine and run the rule provided by the script which by default may enable executing arbitrary code.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2021-05-29T07:30:12
Updated: 2024-08-03T22:24:59.650Z
Reserved: 2021-04-07T00:00:00
Link: CVE-2021-30181
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-06-01T14:15:09.967
Modified: 2021-06-10T16:05:07.443
Link: CVE-2021-30181
Redhat
No data.