CVE-2022-24969

Description

bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.

Affected products

• Apache Software Foundation / Apache DubboApache Dubbo 2.7.x – 2.7.15
• Apache Software Foundation / Apache DubboApache Dubbo 2.6.x – 2.6.12

References

• MAILING_LISThttps://lists.apache.org/thread/1xbckc3467wfk5r7n2o44r2brdsbwxgr