CVE-2021-30181 — CRITICAL (9.8)

Q: How severe is CVE-2021-30181?

CVE-2021-30181 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2021-30181?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Dubbo.

Vulnerability Description

Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these rules, Dubbo customers use ScriptEngine and run the rule provided by the script which by default may enable executing arbitrary code.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Apache	Dubbo	>= 2.5.0, < 2.6.10

References

https://lists.apache.org/thread.html/re22410dc704a09bc7032ddf15140cf5e7df3e8ece3Mailing ListVendor Advisory
https://lists.apache.org/thread.html/re22410dc704a09bc7032ddf15140cf5e7df3e8ece3Mailing ListVendor Advisory

FAQ

What is CVE-2021-30181?

CVE-2021-30181 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in orde...

How severe is CVE-2021-30181?

CVE-2021-30181 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-30181?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Dubbo.