CVE-2022-24969

MEDIUM

Apache Dubbo < 2.6.12 and 2.7.0-2.7.14 - Server-Side Request Forgery via parseURL Method

Title source: llm
STIX 2.1

Description

bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.

References (1)

Core 1
Core References

Scores

CVSS v3 6.1
EPSS 0.0170
EPSS Percentile 74.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-601 CWE-918
Status published
Products (3)
apache/dubbo < 2.6.12
com.alibaba/dubbo 2.5.0 - 2.6.12Maven
org.apache.dubbo/dubbo 2.5.0 - 2.7.15Maven
Published Jun 09, 2022
Tracked Since Feb 18, 2026