Apache Dubbo Open Redirect and SSRF Vulnerability

Apache Dubbo Open Redirect and SSRF Vulnerability

CVE-2021-25640 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability.

Learn more about our Cis Benchmark Audit For Apache Http Server.