

Rewterz Threat Alert – FIN7 Using Windows 11 Alpha-Themed Docs to Drop Javascript Backdoor
September 8, 2021
Rewterz Threat Alert – SNAKE Ransomware – Active IOCs
September 8, 2021
Severity
High
Analysis Summary
CVE-2021-36162
Apache Dubbo could allow a remote authenticated attacker to execute arbitrary code on the system, caused by unsafe deserialization in the SnakeYAML library. By supplying specially crafted YAML rules, an attacker could exploit this vulnerability to execute arbitrary code on the system.
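The following added example (not Dubbo's code and not part of the original alert) illustrates the class of flaw described above: a default SnakeYAML load instantiates a class named by a tag in the document, while a `SafeConstructor` load rejects it. It assumes SnakeYAML 1.x on the classpath; `Probe`, `YamlLoadDemo` and the sample rule text are hypothetical names and constructed input.

```java
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

// Hypothetical stand-in for any class on the application's classpath.
class Probe {
    static int instances = 0;
    public Probe() { instances++; }   // runs as a side effect of parsing
}

public class YamlLoadDemo {
    // Constructed input: a "rule" document whose value carries a global type tag.
    static final String UNTRUSTED_RULE =
        "name: demo-rule\n" +
        "payload: !!Probe {}\n";

    // Weak: in SnakeYAML 1.x the default constructor resolves !!<class> tags
    // and instantiates the named class while building the object graph.
    static Object loadUnsafe(String yaml) {
        return new Yaml().load(yaml);
    }

    // Hardened: SafeConstructor only builds standard types (maps, lists,
    // strings, numbers, ...) and rejects any other tag.
    static Object loadSafe(String yaml) {
        return new Yaml(new SafeConstructor()).load(yaml);
    }

    public static void main(String[] args) {
        loadUnsafe(UNTRUSTED_RULE);
        System.out.println("default Yaml(): Probe instances = " + Probe.instances);

        try {
            loadSafe(UNTRUSTED_RULE);
            System.out.println("SafeConstructor: document accepted");
        } catch (YAMLException e) {
            System.out.println("SafeConstructor: rejected -> " + e.getClass().getSimpleName());
        }
        System.out.println("after safe load: Probe instances = " + Probe.instances);

        // Plain data still loads under SafeConstructor.
        System.out.println(loadSafe("name: demo-rule\nenabled: true\n"));
    }
}
```

When reviewing a code base, any `new Yaml()` call that reaches `load` with input from a remote or lower-trust source is worth flagging for the same reason.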
CVE-2021-36163
Apache Dubbo could allow a remote authenticated attacker to execute arbitrary code on the system, caused by unsafe deserialization in the Hessian protocol. By using a specially crafted HessianSkeleton, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Code Execution
- Unauthorized Access
Affected Vendors
Apache
Affected Products
- Apache Dubbo 2.7.0
- Apache Dubbo 2.7.12
- Apache Dubbo 3.0.0
- Apache Dubbo 3.0.1
- Apache Dubbo 2.6.10
Remediation
Upgrade to the latest version of Apache Dubbo, available from the Apache Web site.