curl --request POST \
--url https://api.threatbook.io/v2/vulnerability/query
{
"data": {
"items": [
{
"evaluation": {
"x_vpt": {
"vpr": 10,
"vector_string": "AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A",
"risk_level": "High"
},
"cvss_v4": {},
"cvss_v3": {
"cvss_basic_score": 9.8,
"cvss_grade": "CRITICAL",
"cvss_exploitability": 5.9,
"cvss_impact_subscore": 3.9,
"cvss_vector_string": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cvss_vector": {
"cvss_privileges_required": "NONE",
"cvss_confidentiality": "HIGH",
"cvss_attack_complexity": "LOW",
"cvss_integrity": "HIGH",
"cvss_availability": "HIGH",
"cvss_attack_vector": "NETWORK",
"cvss_ui": "NONE"
}
},
"cvss_v2": {
"cvss_basic_score": 10,
"cvss_grade": "HIGH",
"cvss_exploitability": 10,
"cvss_impact_subscore": 10,
"cvss_vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"cvss_vector": {
"cvss_confidentiality": "COMPLETE",
"cvss_integrity": "COMPLETE",
"cvss_availability": "COMPLETE",
"cvss_access_vector": "NETWORK",
"cvss_access_complexity": "LOW",
"cvss_authentication": "NONE"
}
}
},
"impact": {
"platform": [
"Applications"
],
"affected_vendors_products": [
{
"product": "Apache Dubbo",
"vendor": "Apache Software Foundation",
"version": [],
"version_comparison": {
"including": [],
"excluding": [],
"version_list": [
{
"range": "2.7.x<=version<=2.7.21"
},
{
"range": "3.0.x<=version<=3.0.13"
},
{
"range": "3.1.x<=version<=3.1.5"
}
]
},
"vendor_alias": [
"apacheruanjianjijinhui",
"Apache软件基金会",
"apache",
"Apache Software",
"apachesoftware",
"apache-ssl",
"apachessl",
"apache2triad",
"Apache_authenhook",
"Apache Authenhook Project",
"Apache Authenhook",
"apacheauthenhook",
"apache_authenhook_project",
"apache_friends",
"apachefriends",
"Apache Friends",
"Apache_gallery",
"Apache Gallery",
"apachegallery",
"Apache_solr_real-time",
"Apache Solr Real-time",
"Apache Solr Real-time Project",
"apachesolrrealtime",
"apache_solr_real-time_project",
"Apache_stats",
"Apache Stats",
"apachestats",
"apach",
"Apache OFBiz",
"apacheofbiz",
"Apache Struts",
"apachestruts",
"Apache Tomcat",
"Apache_tomcat",
"apachetomcat",
"Apache ShardingSphere",
"apacheshardingsphere",
"Apache Software Foundation",
"apachesoftwarefoundation",
"Apache Group",
"apachegroup",
"The Apache Software Foundation",
"theapachesoftwarefoundation",
"Apache Flink",
"apacheflink",
"Apache Subversion",
"apachesubversion",
"Apache Commons Components",
"apachecommonscomponents",
"Apache Commons",
"apachecommons",
"Xampp Apache friends",
"xamppapachefriends",
"cassandra",
"Apache SkyWalking",
"apacheskywalking",
"apacheauthenhookproject",
"apachesolrrealtimeproject"
],
"product_alias": [
"dubbo",
"Apache Dubbo",
"apachedubbo"
]
}
],
"cpe": [
{
"cpe_match": [
{
"cpe_uri": "cpe:2.3:a:apache:dubbo:*:*:*:*:*:*:*:*",
"cpe_name": [
"cpe:2.3:a:apache:dubbo:2.7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.1:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.5:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.6:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.7:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.8:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.9:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.10:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.11:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.12:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.13:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.14:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.15:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.16:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.17:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.18:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.19:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.20:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.21:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.0.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:*:*:*:*:*:*:*:*"
]
}
]
}
],
"affected_components": [
{
"package_manager": [
"Maven"
],
"component": [
{
"name": "org.apache.dubbo:dubbo",
"version_comparison": {
"version_list": [
"0<=version<2.7.22",
"3.0.0<=version<3.0.13",
"3.1.0<=version<3.1.5"
]
}
}
]
}
]
},
"intelligence": {
"tag": [
"RCE",
"TB PoC",
"PoC Disclosure",
"KEV",
"Public Component"
],
"has_poc_public": true,
"has_poc_threatbook": true,
"has_kev": true,
"is_highrisk": true,
"has_solution": true
},
"pocs": [
{
"description": "",
"title": "poc-go-tcp-apache-dubbo-cve-2023-23638-rce",
"url": "",
"file_url": "https://api.threatbook.io/secai/web/vul/download/81f7455ff5b106b80cb06fe7e80b4ddb.zip?key=73dae89e08a815b4fbc69455151de84f7f1bec771e99b3fad13eb136422aaff781dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93257dfd3e60c80720ab02fb7977ca4527ad60ed6740370f3d0f86a7d929ebe3739db98b910186d7b1603c8f0931bdc3b08b86762b787c2d10c59f8168dfdcadaae8",
"x_verified": true
},
{
"description": "Apache Dubbo (CVE-2023-23638)漏洞利用的工程化实践",
"title": "Apache-Dubbo-CVE-2023-23638-exp",
"url": "https://github.com/YYHYlh/Apache-Dubbo-CVE-2023-23638-exp",
"file_url": "https://api.threatbook.io/secai/web/vul/download/6eb1c19d6ca6a972909f84775b772a5e.zip?key=91d604b61e5a656f7feaa610901ffaf4e42d730784549bff2af8b3b4b0ba660c81dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93257dfd3e60c80720ab02fb7977ca4527ad60ed6740370f3d0f86a7d929ebe3739db98b910186d7b1603c8f0931bdc3b08b86762b787c2d10c59f8168dfdcadaae8",
"x_verified": false
},
{
"description": "",
"title": "CVE-2023-23638-Tools",
"url": "https://github.com/AiK1d/CVE-2023-23638-Tools",
"file_url": "https://api.threatbook.io/secai/web/vul/download/f9108445095ab5ca1421df7dc4500011.zip?key=1b4aab15b4796cb5259f3bbab4a890c87adeab04e33b5134305c9c01f150faba81dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93257dfd3e60c80720ab02fb7977ca4527ad60ed6740370f3d0f86a7d929ebe3739d02914c0171ffc7306929e49c49e2508786762b787c2d10c59f8168dfdcadaae8",
"x_verified": false
},
{
"description": "PoC of Apache Dubbo CVE-2023-23638",
"title": "Dubbo-RCE",
"url": "https://github.com/X1r0z/Dubbo-RCE",
"file_url": "https://api.threatbook.io/secai/web/vul/download/708744b1798b2a622941b3b404b2eb5c.zip?key=6b068c64ed7db7e019caf14d9dbf554dab6714d2efd393c298ddb05256ecbc6981dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93257dfd3e60c80720ab02fb7977ca4527ad60ed6740370f3d0f86a7d929ebe3739d8f85641f4ff418f18dc7214dff6a539786762b787c2d10c59f8168dfdcadaae8",
"x_verified": false
}
],
"solutions": [
{
"type": 0,
"url": "https://lists.apache.org/thread/8h6zscfzj482z512d2v5ft63hdhzm0cb",
"source": [
"cnvd",
"cnnvd",
"Threatbook Lab"
],
"text": "The vendor has now released an upgrade patch to address the identified vulnerability. The patch can be obtained through the following link:\nhttps://lists.apache.org/thread/8h6zscfzj482z512d2v5ft63hdhzm0cb"
}
],
"patches": [
{
"url": "https://lists.apache.org/thread/8h6zscfzj482z512d2v5ft63hdhzm0cb",
"source": [
"cnvd",
"cnnvd",
"Threatbook Lab"
],
"version": [],
"text": "Apache Dubbo, a Java-based lightweight RPC (Remote Procedure Call) framework developed by the Apache Software Foundation, offers a range of features including interface-based remote invocation, fault tolerance, load balancing, and automatic service registration and discovery.\n\nA security vulnerability has been identified in Apache Dubbo, stemming from the unsafe deserialization of user-submitted data. This flaw could potentially allow attackers to execute malicious code. In response, the vendor has issued a security advisory and released relevant patches to address and rectify this vulnerability."
}
],
"link": "https://portal-test.threatbook-inc.cn/vulnerability/XVE-2023-4535",
"basic_info": {
"description": "Apache Dubbo is a lightweight Java-based RPC (Remote Procedure Call) framework from the Apache Software Foundation. It provides interface-based remote calling, fault tolerance, load balancing, and automated service registration and discovery. Dubbo 2.7.x through 2.7.21, 3.0.x through 3.0.13, and 3.1.x through 3.1.5 contain a deserialization vulnerability that can lead to execution of attacker-supplied code. The vulnerability is remotely exploitable without authentication and should be remediated as soon as possible.",
"references": [
{
"text": "https://lists.apache.org/thread/8h6zscfzj482z512d2v5ft63hdhzm0cb",
"url": "https://lists.apache.org/thread/8h6zscfzj482z512d2v5ft63hdhzm0cb"
},
{
"text": "",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23638"
},
{
"text": "https://cxsecurity.com/cveshow/CVE-2023-23638/",
"url": "https://cxsecurity.com/cveshow/CVE-2023-23638/"
},
{
"text": "Apache Dubbo (CVE-2023-23638)完整利用及工程化实践",
"url": "https://forum.butian.net/share/2277"
},
{
"text": "Apache Dubbo CVE-2023-23638 JavaNative 反序列化漏洞分析",
"url": "https://xz.aliyun.com/t/12333"
},
{
"text": "",
"url": "https://xz.aliyun.com/t/12396"
},
{
"text": "",
"url": "https://github.com/YYHYlh/Apache-Dubbo-CVE-2023-23638-exp/"
}
],
"timeline": [
{
"event_list": [
"Public Disclosure"
],
"event_time": "2023-03-07 16:00:00"
},
{
"event_list": [
"Remediation Available",
"Temporary Mitigation Available",
"Vulnerability Recorded"
],
"event_time": "2023-03-09 11:03:12"
},
{
"event_list": [
"Exploitation Activity Observed"
],
"event_time": "2025-04-11 18:52:56"
},
{
"event_list": [
"PoC Recorded"
],
"event_time": "2025-06-08 16:50:36"
}
],
"xve_id": "XVE-2023-4535",
"cve_id": "CVE-2023-23638",
"cnnvd_id": [
"CNNVD-202303-617"
],
"vuln_name": "Apache Dubbo Deserialization Remote Code Execution Vulnerability",
"vuln_category": "Code Injection",
"publish_time": 1678204800,
"update_time": 1755159316,
"threatbook_create_time": 1678359792
}
}
],
"total": 1
},
"response_code": 200,
"msg": "Success"
}
Supports integrating vulnerability information into automated operations workflows, providing access to public vulnerability details, risk assessments, PoCs, remediation recommendations, patches, and more. Two caveats for automation: the `pocs[].file_url` links are downloads of exploit code carrying a per-download `key` token, so treat the URLs as sensitive and unpack the archives only in an isolated environment; `x_verified` appears to mark the PoCs ThreatBook itself has validated, while entries with `x_verified: false` are third-party repositories mirrored as-is. Note also that the affected-version ranges in this example are not uniform: `affected_vendors_products` and the CPE list include 3.0.13 and 3.1.5 (inclusive upper bounds), whereas the Maven `affected_components` ranges exclude them (`<3.0.13`, `<3.1.5`) and extend below 2.7.x (`0<=version`). Reconcile these before driving SCA or asset matching from a single field.
curl --request POST \
--url https://api.threatbook.io/v2/vulnerability/query
{
"data": {
"items": [
{
"evaluation": {
"x_vpt": {
"vpr": 10,
"vector_string": "AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A",
"risk_level": "High"
},
"cvss_v4": {},
"cvss_v3": {
"cvss_basic_score": 9.8,
"cvss_grade": "CRITICAL",
"cvss_exploitability": 5.9,
"cvss_impact_subscore": 3.9,
"cvss_vector_string": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cvss_vector": {
"cvss_privileges_required": "NONE",
"cvss_confidentiality": "HIGH",
"cvss_attack_complexity": "LOW",
"cvss_integrity": "HIGH",
"cvss_availability": "HIGH",
"cvss_attack_vector": "NETWORK",
"cvss_ui": "NONE"
}
},
"cvss_v2": {
"cvss_basic_score": 10,
"cvss_grade": "HIGH",
"cvss_exploitability": 10,
"cvss_impact_subscore": 10,
"cvss_vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"cvss_vector": {
"cvss_confidentiality": "COMPLETE",
"cvss_integrity": "COMPLETE",
"cvss_availability": "COMPLETE",
"cvss_access_vector": "NETWORK",
"cvss_access_complexity": "LOW",
"cvss_authentication": "NONE"
}
}
},
"impact": {
"platform": [
"Applications"
],
"affected_vendors_products": [
{
"product": "Apache Dubbo",
"vendor": "Apache Software Foundation",
"version": [],
"version_comparison": {
"including": [],
"excluding": [],
"version_list": [
{
"range": "2.7.x<=version<=2.7.21"
},
{
"range": "3.0.x<=version<=3.0.13"
},
{
"range": "3.1.x<=version<=3.1.5"
}
]
},
"vendor_alias": [
"apacheruanjianjijinhui",
"Apache软件基金会",
"apache",
"Apache Software",
"apachesoftware",
"apache-ssl",
"apachessl",
"apache2triad",
"Apache_authenhook",
"Apache Authenhook Project",
"Apache Authenhook",
"apacheauthenhook",
"apache_authenhook_project",
"apache_friends",
"apachefriends",
"Apache Friends",
"Apache_gallery",
"Apache Gallery",
"apachegallery",
"Apache_solr_real-time",
"Apache Solr Real-time",
"Apache Solr Real-time Project",
"apachesolrrealtime",
"apache_solr_real-time_project",
"Apache_stats",
"Apache Stats",
"apachestats",
"apach",
"Apache OFBiz",
"apacheofbiz",
"Apache Struts",
"apachestruts",
"Apache Tomcat",
"Apache_tomcat",
"apachetomcat",
"Apache ShardingSphere",
"apacheshardingsphere",
"Apache Software Foundation",
"apachesoftwarefoundation",
"Apache Group",
"apachegroup",
"The Apache Software Foundation",
"theapachesoftwarefoundation",
"Apache Flink",
"apacheflink",
"Apache Subversion",
"apachesubversion",
"Apache Commons Components",
"apachecommonscomponents",
"Apache Commons",
"apachecommons",
"Xampp Apache friends",
"xamppapachefriends",
"cassandra",
"Apache SkyWalking",
"apacheskywalking",
"apacheauthenhookproject",
"apachesolrrealtimeproject"
],
"product_alias": [
"dubbo",
"Apache Dubbo",
"apachedubbo"
]
}
],
"cpe": [
{
"cpe_match": [
{
"cpe_uri": "cpe:2.3:a:apache:dubbo:*:*:*:*:*:*:*:*",
"cpe_name": [
"cpe:2.3:a:apache:dubbo:2.7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.1:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.5:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.6:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.7:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.8:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.9:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.10:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.11:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.12:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.13:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.14:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.15:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.16:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.17:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.18:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.19:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.20:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:2.7.21:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.0.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:3.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:dubbo:*:*:*:*:*:*:*:*"
]
}
]
}
],
"affected_components": [
{
"package_manager": [
"Maven"
],
"component": [
{
"name": "org.apache.dubbo:dubbo",
"version_comparison": {
"version_list": [
"0<=version<2.7.22",
"3.0.0<=version<3.0.13",
"3.1.0<=version<3.1.5"
]
}
}
]
}
]
},
"intelligence": {
"tag": [
"RCE",
"TB PoC",
"PoC Disclosure",
"KEV",
"Public Component"
],
"has_poc_public": true,
"has_poc_threatbook": true,
"has_kev": true,
"is_highrisk": true,
"has_solution": true
},
"pocs": [
{
"description": "",
"title": "poc-go-tcp-apache-dubbo-cve-2023-23638-rce",
"url": "",
"file_url": "https://api.threatbook.io/secai/web/vul/download/81f7455ff5b106b80cb06fe7e80b4ddb.zip?key=73dae89e08a815b4fbc69455151de84f7f1bec771e99b3fad13eb136422aaff781dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93257dfd3e60c80720ab02fb7977ca4527ad60ed6740370f3d0f86a7d929ebe3739db98b910186d7b1603c8f0931bdc3b08b86762b787c2d10c59f8168dfdcadaae8",
"x_verified": true
},
{
"description": "Apache Dubbo (CVE-2023-23638)漏洞利用的工程化实践",
"title": "Apache-Dubbo-CVE-2023-23638-exp",
"url": "https://github.com/YYHYlh/Apache-Dubbo-CVE-2023-23638-exp",
"file_url": "https://api.threatbook.io/secai/web/vul/download/6eb1c19d6ca6a972909f84775b772a5e.zip?key=91d604b61e5a656f7feaa610901ffaf4e42d730784549bff2af8b3b4b0ba660c81dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93257dfd3e60c80720ab02fb7977ca4527ad60ed6740370f3d0f86a7d929ebe3739db98b910186d7b1603c8f0931bdc3b08b86762b787c2d10c59f8168dfdcadaae8",
"x_verified": false
},
{
"description": "",
"title": "CVE-2023-23638-Tools",
"url": "https://github.com/AiK1d/CVE-2023-23638-Tools",
"file_url": "https://api.threatbook.io/secai/web/vul/download/f9108445095ab5ca1421df7dc4500011.zip?key=1b4aab15b4796cb5259f3bbab4a890c87adeab04e33b5134305c9c01f150faba81dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93257dfd3e60c80720ab02fb7977ca4527ad60ed6740370f3d0f86a7d929ebe3739d02914c0171ffc7306929e49c49e2508786762b787c2d10c59f8168dfdcadaae8",
"x_verified": false
},
{
"description": "PoC of Apache Dubbo CVE-2023-23638",
"title": "Dubbo-RCE",
"url": "https://github.com/X1r0z/Dubbo-RCE",
"file_url": "https://api.threatbook.io/secai/web/vul/download/708744b1798b2a622941b3b404b2eb5c.zip?key=6b068c64ed7db7e019caf14d9dbf554dab6714d2efd393c298ddb05256ecbc6981dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93257dfd3e60c80720ab02fb7977ca4527ad60ed6740370f3d0f86a7d929ebe3739d8f85641f4ff418f18dc7214dff6a539786762b787c2d10c59f8168dfdcadaae8",
"x_verified": false
}
],
"solutions": [
{
"type": 0,
"url": "https://lists.apache.org/thread/8h6zscfzj482z512d2v5ft63hdhzm0cb",
"source": [
"cnvd",
"cnnvd",
"Threatbook Lab"
],
"text": "The vendor has now released an upgrade patch to address the identified vulnerability. The patch can be obtained through the following link:\nhttps://lists.apache.org/thread/8h6zscfzj482z512d2v5ft63hdhzm0cb"
}
],
"patches": [
{
"url": "https://lists.apache.org/thread/8h6zscfzj482z512d2v5ft63hdhzm0cb",
"source": [
"cnvd",
"cnnvd",
"Threatbook Lab"
],
"version": [],
"text": "Apache Dubbo, a Java-based lightweight RPC (Remote Procedure Call) framework developed by the Apache Software Foundation, offers a range of features including interface-based remote invocation, fault tolerance, load balancing, and automatic service registration and discovery.\n\nA security vulnerability has been identified in Apache Dubbo, stemming from the unsafe deserialization of user-submitted data. This flaw could potentially allow attackers to execute malicious code. In response, the vendor has issued a security advisory and released relevant patches to address and rectify this vulnerability."
}
],
"link": "https://portal-test.threatbook-inc.cn/vulnerability/XVE-2023-4535",
"basic_info": {
"description": "Apache Dubbo is a lightweight Java-based RPC (Remote Procedure Call) framework from the Apache Software Foundation. It provides interface-based remote calling, fault tolerance, load balancing, and automated service registration and discovery. Dubbo 2.7.x through 2.7.21, 3.0.x through 3.0.13, and 3.1.x through 3.1.5 contain a deserialization vulnerability that can lead to execution of attacker-supplied code. The vulnerability is remotely exploitable without authentication and should be remediated as soon as possible.",
"references": [
{
"text": "https://lists.apache.org/thread/8h6zscfzj482z512d2v5ft63hdhzm0cb",
"url": "https://lists.apache.org/thread/8h6zscfzj482z512d2v5ft63hdhzm0cb"
},
{
"text": "",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23638"
},
{
"text": "https://cxsecurity.com/cveshow/CVE-2023-23638/",
"url": "https://cxsecurity.com/cveshow/CVE-2023-23638/"
},
{
"text": "Apache Dubbo (CVE-2023-23638)完整利用及工程化实践",
"url": "https://forum.butian.net/share/2277"
},
{
"text": "Apache Dubbo CVE-2023-23638 JavaNative 反序列化漏洞分析",
"url": "https://xz.aliyun.com/t/12333"
},
{
"text": "",
"url": "https://xz.aliyun.com/t/12396"
},
{
"text": "",
"url": "https://github.com/YYHYlh/Apache-Dubbo-CVE-2023-23638-exp/"
}
],
"timeline": [
{
"event_list": [
"Public Disclosure"
],
"event_time": "2023-03-07 16:00:00"
},
{
"event_list": [
"Remediation Available",
"Temporary Mitigation Available",
"Vulnerability Recorded"
],
"event_time": "2023-03-09 11:03:12"
},
{
"event_list": [
"Exploitation Activity Observed"
],
"event_time": "2025-04-11 18:52:56"
},
{
"event_list": [
"PoC Recorded"
],
"event_time": "2025-06-08 16:50:36"
}
],
"xve_id": "XVE-2023-4535",
"cve_id": "CVE-2023-23638",
"cnnvd_id": [
"CNNVD-202303-617"
],
"vuln_name": "Apache Dubbo Deserialization Remote Code Execution Vulnerability",
"vuln_category": "Code Injection",
"publish_time": 1678204800,
"update_time": 1755159316,
"threatbook_create_time": 1678359792
}
}
],
"total": 1
},
"response_code": 200,
"msg": "Success"
}
Your API Key
You can obtain the key on the "My API" page of i.threatbook.io.
Kindly note:
Before calling this API, confirm that your access IP is bound to the key and that your account has the authorization and quota for this endpoint; requests that fail either check are rejected. The key authenticates every request, so keep it out of source control, shared logs, and client-side code, and rotate it if it is exposed.
Specifies the pagination cursor used to retrieve the next page of results.
If omitted, the first page of results will be returned.
Specifies the number of records to return per page. The default value is 10, and the maximum allowed value is 50.
Vulnerability IDs can be queried by exact match using XVE, CVE, or CNNVD identifiers. The XVE ID is ThreatBook's own unique vulnerability identifier; the corresponding CVE and CNNVD IDs are returned in `basic_info.cve_id` and `basic_info.cnnvd_id`.
Batch queries are supported for up to 100 IDs, separated by commas. (Trial users: up to 10 per query.)
Vulnerability-affected vendors can be queried with exact-match search, and only single-item queries are supported.
Vulnerability-affected products can be queried with exact-match search.
Batch queries are supported for up to 100 items, separated by commas. (Trial users: up to 10 per query.)
Exploit paths can be queried with exact-match search.
Supports filtering vulnerabilities based on their update time.
Time options:
Supports filtering vulnerabilities based on ThreatBook’s ingestion time.
Time options:
Supports filtering for high-risk vulnerabilities (those with high remediation priority; these are returned with `intelligence.is_highrisk: true`).
This parameter is a boolean. If it is omitted, all vulnerabilities are returned by default.