CVE-2022-24969: bypass of CVE-2021-25640
First published: Mon Jun 06 2022(Updated: )
bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Dubbo | <2.6.12 | |
| Apache Dubbo | >=2.7.0<2.7.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-24969?
CVE-2022-24969 is a vulnerability in Apache Dubbo prior to version 2.6.12 and 2.7.15 that allows bypassing the white host check, leading to open redirect or SSRF vulnerability.
How does CVE-2022-24969 affect Apache Dubbo?
CVE-2022-24969 affects Apache Dubbo versions prior to 2.6.12 and 2.7.15.
What is the severity of CVE-2022-24969?
CVE-2022-24969 has a severity level of medium with a CVSS score of 6.1.
How can CVE-2022-24969 be exploited?
CVE-2022-24969 can be exploited by using the parseURL method in Apache Dubbo to bypass the white host check, potentially leading to open redirect or SSRF attacks.
How can CVE-2022-24969 be mitigated?
To mitigate CVE-2022-24969, it is recommended to upgrade to Apache Dubbo version 2.6.12 or 2.7.15 or later, which contains a fix for the vulnerability.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/title
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- vendor/apache
- canonical/apache dubbo
- version/apache dubbo/2.7.0