{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T06:54:07.832","vulnerabilities":[{"cve":{"id":"CVE-2021-43297","sourceIdentifier":"security@apache.org","published":"2022-01-10T16:15:09.527","lastModified":"2024-11-21T06:29:01.710","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protocol, during Hessian catch unexpected exceptions, Hessian will log out some imformation for users, which may cause remote command execution. This issue affects Apache Dubbo Apache Dubbo 2.6.x versions prior to 2.6.12; Apache Dubbo 2.7.x versions prior to 2.7.15; Apache Dubbo 3.0.x versions prior to 3.0.5."},{"lang":"es","value":"Se presenta una vulnerabilidad de deserialización en Dubbo Hessian-lite versiones 3.2.11 y sus versiones anteriores, que podría conllevar a una ejecución de código malicioso. La mayoría de usuarios de Dubbo usan Hessian2 como el protocolo de serialización/deserialización por defecto, durante la captura de excepciones no esperadas de Hessian, Hessian sacará alguna información para usuarios, lo que puede causar una ejecución de comandos remotos. Este problema afecta a  Apache Dubbo versiones 2.6.x anteriores a 2.6.12; Apache Dubbo versiones 2.7.x anteriores a 2.7.15; Apache Dubbo versiones 3.0.x anteriores a 3.0.5"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:dubbo:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.0","versionEndExcluding":"2.6.12","matchCriteriaId":"0C18088F-7CD5-4E22-9749-F4B703347A68"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:dubbo:*:*:*:*:*:*:*:*","versionStartIncluding":"2.7.0","versionEndExcluding":"2.7.15","matchCriteriaId":"B2FBCC30-3E2F-4826-9E57-D01F158B4184"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:dubbo:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.0.5","matchCriteriaId":"DCE9F3A7-DA3B-40DA-B048-68D52395DE2B"}]}]}],"references":[{"url":"https://lists.apache.org/thread/1mszxrvp90y01xob56yp002939c7hlww","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"https://lists.apache.org/thread/1mszxrvp90y01xob56yp002939c7hlww","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]}]}}]}