List: oss-security
Subject: [oss-security] CVE-2020-17532: ServiceComb Yaml remote deserialization vulnerability
From: wjm wjm <wujimin () apache ! org>
Date: 2021-01-21 1:58:53
Message-ID: CAFN+3hpkaRATUqPRiwJfmYpYKyFov3skdDt2LxFBqDfuF7de3A () mail ! gmail ! com
Description:
When the handler-router component is enabled in servicecomb-java-chassis,
an authenticated user may inject some data and cause arbitrary code
execution.
The problem happens in versions 2.0.0 ~ 2.1.3 and is fixed in 2.1.5.
This issue is being tracked as SCB-2145.
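
A dependency check built from the version range in the advisory above, added here as an example (not part of the original message and not ServiceComb's own code): it reads `mvn dependency:list` or `mvn dependency:tree` output and classifies each ServiceComb artifact. The `org.apache.servicecomb` groupId and the sample lines are assumptions constructed for illustration; 2.1.4 and pre-release builds of 2.1.5 are reported as unknown because the advisory lists them neither as affected nor as fixed.

```python
import re

# From the advisory: affected 2.0.0 through 2.1.3, fixed in 2.1.5.
AFFECTED_MIN, AFFECTED_MAX, FIXED = (2, 0, 0), (2, 1, 3), (2, 1, 5)
GROUP = "org.apache.servicecomb"  # assumption: Maven groupId, not stated in the advisory
COORD = re.compile(re.escape(GROUP) + r":([\w.\-]+):([\w.\-:]+)")


def classify(version):
    """Map a version string onto the ranges the advisory states."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)(.*)$", version)
    if not m:
        return "unknown"
    base, qualifier = tuple(int(x) for x in m.groups()[:3]), m.group(4)
    if AFFECTED_MIN <= base <= AFFECTED_MAX:
        return "affected"
    if base < AFFECTED_MIN:
        return "not-listed"  # older than the range the advisory names
    # 2.1.4 and pre-release builds of 2.1.5 are not covered by the advisory text.
    if base < FIXED or (base == FIXED and qualifier):
        return "unknown"
    return "fixed"


def scan(dependency_output):
    """Return (artifact, version, status) for each ServiceComb coordinate found."""
    findings = []
    for line in dependency_output.splitlines():
        m = COORD.search(line)
        if not m:
            continue
        # Remainder is type[:classifier]:version:scope, so version is second to last.
        parts = m.group(2).split(":")
        if len(parts) < 3:
            continue
        findings.append((m.group(1), parts[-2], classify(parts[-2])))
    return findings


# Constructed sample of Maven dependency output (not taken from a real project).
SAMPLE = """\
[INFO] +- org.apache.servicecomb:handler-router:jar:2.1.3:compile
[INFO] +- org.apache.servicecomb:handler-router:jar:2.1.4:runtime -- module demo
[INFO] +- org.apache.servicecomb:handler-router:jar:tests:2.1.5:test
[INFO] +- com.example:demo-lib:jar:2.0.1:compile
"""

if __name__ == "__main__":
    for artifact, version, status in scan(SAMPLE):
        print(f"{artifact} {version}: {status}")
```

A hit on `handler-router` only shows the component is on the classpath; whether it is enabled still has to be checked in the service's handler configuration.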