CVE-2021-25640

Description

In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability.

Affected products

• Apache Software Foundation / Apache DubboApache Dubbo 2.7.x – 2.7.9
• Apache Software Foundation / Apache DubboApache Dubbo 2.6.x – 2.6.9

References

• MAILING_LISThttps://lists.apache.org/thread.html/re4cab8855361a454d2af106fb3dad76259e723015fd7e09cb4f9eb77%40%3Cdev.dubbo.apache.org%3E
• MAILING_LISThttps://lists.apache.org/thread.html/re4cab8855361a454d2af106fb3dad76259e723015fd7e09cb4f9eb77%40%3Cdev.dubbo.apache.org%3E