oss-sec mailing list archives
CVE-2020-17532: ServiceComb Yaml remote deserialization vulnerability
From: wjm wjm <wujimin () apache org>
Date: Thu, 21 Jan 2021 09:58:53 +0800
Description: When the handler-router component is enabled in servicecomb-java-chassis, an authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and is fixed in 2.1.5. This issue is being tracked as SCB-2145.