CVE-2023-23638

Apache Dubbo Deserialization Vulnerability Notice (CVE-2023-23638)

March 14, 2023

Overview Recently, NSFOCUS CERT detected that Apache officially issued a security notice, fixing an Apache Dubbo deserialization vulnerability (CVE-2023-23638). Due to the flaws in Apache Dubbo’s deserialization security check, remote attackers can construct malicious data packets to conduct deserialization attacks, and finally execute arbitrary code on the target system. Affected users are requested to take […]

Search

Subscribe to the NSFOCUS Blog