search

dangdangdotcom / dubbox

Dubbox now means Dubbo eXtensions, and it adds features like RESTful remoting, Kyro/FST serialization, etc to the Dubbo service framework.
http://dangdangdotcom.github.io/dubbox
Apache License 2.0
4.89k stars 2.06k forks source link

CVE-2020-1948在dubbox中是否存在 #408

Open 583479389 opened 4 years ago

583479389 commented 4 years ago

在Dubbo 中爆出了cve漏洞,请问Dubbox中是否受影响,受影响的版本有哪些呢 CVE-2020-1948对Dubbo 的影响版本为: 2.7.0 <= Dubbo Version <= 2.7.6 2.6.0 <= Dubbo Version <= 2.6.7 Dubbo 所有 2.5.x 版本(官方团队目前已不支持)