How severe is CVE-2021-30180?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2021-30180?

This is classified as CWE-444, which is a common weakness in software security.

CVE-2021-30180 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

Apache Dubbo prior to 2.7.9 support Tag routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these YAML rules, Dubbo customers may enable calling arbitrary constructors.

Related Vulnerabilities

CVE-2015-5739

CRITICAL

CVSS:9.8(Critical)

The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead...

CWE-4442015

CVE-2015-5740

CRITICAL

CVSS:9.8(Critical)

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Con...

CWE-4442015

CVE-2015-5741

CRITICAL

CVSS:9.8(Critical)

CWE-4442015

CVE-2016-10711

CRITICAL

CVSS:9.8(Critical)

Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751.

CWE-4442016

CVE-2017-7657

CRITICAL

CVSS:9.8(Critical)

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk le...

CWE-4442017

CVE-2017-7658

CRITICAL

CVSS:9.8(Critical)

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the ...

CWE-4442017