CVE STALKER

CVE-2021-30179

CVSS
DESCRIPTIONApache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the service and method specified in the first arguments of the invocation and use the Java Reflection API to make the final call. The signature for the $invoke or $invokeAsync methods is Ljava/lang/String;[Ljava/lang/String;[Ljava/lang/Object; where the first argument is the name of the method to invoke, the second one is an array with the parameter types for the method being invoked and the third one is an array with the actual call arguments. In addition, the caller also needs to set an RPC attachment specifying that the call is a generic call and how to decode the arguments. The possible values are: - true - raw.return - nativejava - bean - protobuf-json An attacker can control this RPC attachment and set it to nativejava to force the java deserialization of the byte array located in the third argument.
HEAT SCORE155

WORDS

TWEETS

DATE TWEETS USER
2021-07-26 16:30:24GHSL-2021-034_043: Multiple pre-auth RCEs in Apache Dubbo - CVE-2021-25641, CVE-2021-30179, CVE-2021-30180, CVE-202… https://t.co/T6PPKDHbyy https://twitter.com/i/web/status/1419694045287354368reverseame
2021-07-23 03:50:09CVE-2021-30179 Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods expose… https://t.co/ZYnrwJxJOE https://twitter.com/i/web/status/1418416428647124992VulmonFeeds
2021-06-26 15:50:06GHSL-2021-034_043: Multiple pre-auth RCEs in Apache Dubbo - CVE-2021-25641, CVE-2021-30179, CVE-2021-30180, CVE-202… https://t.co/lSb51ZZYj9 https://twitter.com/i/web/status/1408814639652249608Securityblog
2021-06-25 15:42:09GHSL-2021-034_043: Multiple pre-auth RCEs in Apache Dubbo - CVE-2021-25641, CVE-2021-30179, CVE-2021-30180, CVE-202… https://t.co/z6dHLNJXnC https://twitter.com/i/web/status/1408447840674848768ptracesecurity
2021-06-25 10:01:52GHSL-2021-034_043: Multiple pre-auth RCEs in Apache Dubbo – CVE-2021-25641, CVE-2021-30179, CVE-2021-30180, CVE-202… https://t.co/VnhSs8H4Dz https://twitter.com/i/web/status/1408362724279689220d34dr4bbit
2021-06-25 09:11:51CVE-2021-30179 Apache Dubbo RCE via Java deserialization in the Generic filter details 1. https://t.co/fP4YQc88ig… https://t.co/3aSwSRcDum https://securitylab.github.com/advisories/GHSL-2021-034_043-apache-dubbo/ https://twitter.com/i/web/status/1408349352435666951chybeta
2021-06-23 16:40:04GHSL-2021-034_043: Multiple pre-auth RCEs in Apache Dubbo - CVE-2021-25641, CVE-2021-30179, CVE-2021-30180, CVE-202… https://t.co/Wi5yKJLEzU https://twitter.com/i/web/status/1407740236776542209GHSecurityLab
2021-06-10 14:44:21New post from https://t.co/9KYxtdHHVL (CVE-2021-30179 (dubbo)) has been published on https://t.co/0aSvtUQXvI http://www.sesin.at https://www.sesin.at/2021/06/10/cve-2021-30179-dubbo/www_sesin_at
2021-06-10 14:42:05New post from https://t.co/uXvPWJPHkR (CVE-2021-30179 (dubbo)) has been published on https://t.co/ImSJ1DfKrd http://www.sesin.at https://www.sesin.at/2021/06/10/cve-2021-30179-dubbo/WolfgangSesin
2021-06-10 14:12:18🚨 NEW: CVE-2021-30179 🚨 Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary method… https://t.co/UHYKkru3nz https://twitter.com/i/web/status/1402989140803604483threatintelctr
2021-06-01 19:00:35New post from https://t.co/uXvPWJy6tj (CVE-2021-30179) has been published on https://t.co/mZvAwK3A20 http://www.sesin.at https://www.sesin.at/2021/06/01/cve-2021-30179/WolfgangSesin
2021-06-01 19:00:33New post from https://t.co/9KYxtdZjkl (CVE-2021-30179) has been published on https://t.co/bpSeeNjotu http://www.sesin.at https://www.sesin.at/2021/06/01/cve-2021-30179/www_sesin_at
2021-06-01 17:10:40My real name is CVE-2021-30179 but all my friends call me Dashed Shepherd https://t.co/CiCypEiYOT https://nvd.nist.gov/vuln/detail/CVE-2021-30179vulnonym
2021-06-01 16:10:22CVE-2021-30179 Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods expose… https://t.co/5zCLwA9RWo https://twitter.com/i/web/status/1399757743154675718VulmonFeeds
2021-05-31 08:50:05CVE-2021-30179 : #Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods expo… https://t.co/ddSriqtmAE https://twitter.com/i/web/status/1399285521344516096CVEreport