Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4, 2.6.0 to 2.6.7, and all 2.5.x versions.
View Full Alert
Related Posts
CVE-2019-17230includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes. View Full Alert
CVE-2019-17231includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues. View Full Alert
CVE-2019-11343Torpedo Query before 2.5.3 mishandles the LIKE operator in ConditionBuilder.java, LikeCondition.java, and NotLikeCondition.java. View Full Alert
