oss-sec mailing list archives

CVE-2020-17532: ServiceComb Yaml remote deserialization vulnerability


From: wjm wjm <wujimin () apache org>
Date: Thu, 21 Jan 2021 09:58:53 +0800

Description:

When the handler-router component is enabled in servicecomb-java-chassis,
an authenticated user may inject some data and cause arbitrary code
execution.

The problem happens in versions between 2.0.0 ~ 2.1.3 and is fixed in 2.1.5.

This issue is being tracked as SCB-2145
