{"schema_version": "1.6.1", "id": "CVE-2021-25640", "summary": "Open Redirect or SSRF vulnerability usage of parseURL", "details": "In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "Apache Dubbo 2.7.x"}, {"fixed": "2.7.9"}]}, {"type": "SEMVER", "events": [{"introduced": "Apache Dubbo 2.6.x"}, {"fixed": "2.6.9"}]}]}], "references": [{"type": "ADVISORY", "url": "https://lists.apache.org/thread.html/re4cab8855361a454d2af106fb3dad76259e723015fd7e09cb4f9eb77%40%3Cdev.dubbo.apache.org%3E"}]}