{"schema_version": "1.6.1", "id": "CVE-2023-29234", "summary": "Bypass serialize checks in Apache Dubbo", "details": "A deserialization vulnerability existed when decode a malicious package.This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4.\n\nUsers are recommended to upgrade to the latest version, which fixes the issue.\n\n", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "3.1.0"}, {"last_affected": "3.1.0"}]}, {"type": "SEMVER", "events": [{"introduced": "3.2.0"}, {"last_affected": "3.2.0"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/wb2df2whkdnbgp54nnqn0m94rllx8f77"}]}