CVE-2021-32824

{"id": "CVE-2021-32824", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-01-03T18:15:12.420", "references": [{"url": "https://securitylab.github.com/advisories/GHSL-2021-034_043-apache-dubbo/", "tags": ["Exploit", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://securitylab.github.com/advisories/GHSL-2021-034_043-apache-dubbo/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic methods to collect information about the providers and methods exposed by the service and it can even allow to shutdown the service. This endpoint is unprotected. Additionally, a provider method can be invoked using the `invoke` handler. This handler uses a safe version of FastJson to process the call arguments. However, the resulting list is later processed with `PojoUtils.realize` which can be used to instantiate arbitrary classes and invoke its setters. Even though FastJson is properly protected with a default blocklist, `PojoUtils.realize` is not, and an attacker can leverage that to achieve remote code execution. Versions 2.6.10 and 2.7.10 contain fixes for this issue."}, {"lang": "es", "value": "Apache Dubbo es un framework RPC de c\u00f3digo abierto basado en Java. Las versiones anteriores a 2.6.10 y 2.7.10 son vulnerables a la ejecuci\u00f3n remota de c\u00f3digo previo a la autenticaci\u00f3n mediante manipulaci\u00f3n arbitraria de beans en el controlador Telnet. El puerto de servicio principal de Dubbo se puede utilizar para acceder a un controlador Telnet que ofrece algunos m\u00e9todos b\u00e1sicos para recopilar informaci\u00f3n sobre los proveedores y los m\u00e9todos expuestos por el servicio e incluso puede permitir cerrar el servicio. Este punto final no est\u00e1 protegido. Adem\u00e1s, se puede invocar un m\u00e9todo de proveedor utilizando el controlador `invoke`. Este controlador utiliza una versi\u00f3n segura de FastJson para procesar los argumentos de la llamada. Sin embargo, la lista resultante se procesa posteriormente con `PojoUtils.realize`, que puede usarse para crear instancias de clases arbitrarias e invocar a sus definidores. Aunque FastJson est\u00e1 protegido adecuadamente con una lista de bloqueo predeterminada, `PojoUtils.realize` no lo est\u00e1, y un atacante puede aprovechar eso para lograr la ejecuci\u00f3n remota de c\u00f3digo. Las versiones 2.6.10 y 2.7.10 contienen correcciones para este problema."}], "lastModified": "2024-11-21T06:07:49.563", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:dubbo:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5B86A59-6090-40DA-BF2D-FA2B524A96FA", "versionEndExcluding": "2.6.10"}, {"criteria": "cpe:2.3:a:apache:dubbo:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A6C2034-505D-477A-83EE-E7ECDDD142A9", "versionEndExcluding": "2.7.10", "versionStartIncluding": "2.7.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}