diff --git a/cve/apache/2021/CVE-2021-43297/.keep b/cve/apache/2021/CVE-2021-43297/.keep
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/cve/apache/2021/CVE-2021-43297/README.md b/cve/apache/2021/CVE-2021-43297/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..f5be07b76f33b7088c258322fba20aee6965f0e1
--- /dev/null
+++ b/cve/apache/2021/CVE-2021-43297/README.md
@@ -0,0 +1,9 @@
+Apache Dubbo Hessian2异常处理时的反序列化（CVE-2021-43297）
+
+    将两个项目分别导入两个idea
+
+    先运行org.apache.dubbo.samples.basic.BasicProvider#main启动服务端
+
+    再运行org.apache.dubbo.samples.basic.BasicConsumer#main启动客户攻击端
+
+https://paper.seebug.org/1814/
\ No newline at end of file
diff --git a/cve/apache/2021/yaml/CVE-2021-43297.yaml b/cve/apache/2021/yaml/CVE-2021-43297.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..84eb42aa2762027cf66d1b86f2fa9dd10a26b032
--- /dev/null
+++ b/cve/apache/2021/yaml/CVE-2021-43297.yaml
@@ -0,0 +1,20 @@
+id: CVE-2021-43297
+source: https://github.com/longofo/Apache-Dubbo-Hessian2-CVE-2021-43297
+info:
+  name: Dubbo是一个高性能优秀的服务框架。
+  severity: high
+  description: |
+    Dubbo是一个高性能优秀的服务框架。CVE-2021-43297中，在Dubbo Hessian-Lite 3.2.11及之前版本中存在潜在RCE攻击风险。Hessian-Lite在遇到序列化异常时会输出相关信息，这可能导致触发某些恶意定制的Bean的toString方法，从而引发远程代码执行。
+  scope-of-influence:
+    Dubbo Hessian-Lite ≤ 3.2.11
+  reference:
+    - https://help.aliyun.com/document_detail/390193.html
+    - https://lists.apache.org/thread/1mszxrvp90y01xob56yp002939c7hlww	
+  classification:
+    cvss-metrics:  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.9
+    cve-id: CVE-2021-43297
+    cwe-id: CWE-502
+    cnvd-id: None
+    kve-id: None
+  tags: cve2021, 数据泄漏
\ No newline at end of file