List:       oss-security
Subject:    [oss-security] CVE-2020-17532: ServiceComb Yaml remote deserialization vulnerability
From:       wjm wjm <wujimin () apache ! org>
Date:       2021-01-21 1:58:53
Message-ID: CAFN+3hpkaRATUqPRiwJfmYpYKyFov3skdDt2LxFBqDfuF7de3A () mail ! gmail ! com


Description:

When the handler-router component is enabled in servicecomb-java-chassis,
an authenticated user may inject some data and cause arbitrary code
execution.

The problem happens in versions 2.0.0 ~ 2.1.3 and is fixed in 2.1.5.

This issue is being tracked as SCB-2145
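
A way to check a build against the version range stated above (an added example, not part of the original advisory or of the ServiceComb project). It reads `mvn dependency:list` output; the Maven coordinate `org.apache.servicecomb:handler-router` and the sample output are assumptions, and 2.1.4, which the advisory names neither as affected nor as fixed, is reported as "not stated".

```python
import re

# Range stated in the advisory: 2.0.0 ~ 2.1.3 affected, fixed in 2.1.5.
AFFECTED_MIN, AFFECTED_MAX, FIXED = (2, 0, 0), (2, 1, 3), (2, 1, 5)

# Assumed Maven coordinate of the handler-router component (not in the advisory).
GROUP, ARTIFACT = "org.apache.servicecomb", "handler-router"

def parse_dependency(line):
    """Return (group, artifact, version) from one `mvn dependency:list` line, or None."""
    token = line.replace("[INFO]", "").strip().split(" ")[0]
    parts = token.split(":")
    if len(parts) < 5:
        return None
    # Layout is group:artifact:type[:classifier]:version:scope
    return parts[0], parts[1], parts[-2]

def classify(version):
    """Place a version against the ranges the advisory gives."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version)
    if m is None:
        return "unparsed"  # qualifiers such as -SNAPSHOT need manual review
    v = tuple(int(x) for x in m.groups())
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        return "affected"
    if v >= FIXED:
        return "fixed"
    # Covers 2.1.4 and releases before 2.0.0: the advisory is silent on them.
    return "not stated"

def audit(maven_output):
    """Map each handler-router version found in the output to its status."""
    findings = {}
    for line in maven_output.splitlines():
        dep = parse_dependency(line)
        if dep and dep[0] == GROUP and dep[1] == ARTIFACT:
            findings[dep[2]] = classify(dep[2])
    return findings

# Constructed sample output, not taken from a real build.
SAMPLE = """\
[INFO] --- maven-dependency-plugin:3.1.2:list (default-cli) @ demo ---
[INFO] The following files have been resolved:
[INFO]    org.apache.servicecomb:handler-router:jar:2.1.3:compile
[INFO]    org.apache.servicecomb:java-chassis-core:jar:2.1.3:compile
[INFO]    org.slf4j:slf4j-api:jar:1.7.30:compile
"""

if __name__ == "__main__":
    for version, status in audit(SAMPLE).items():
        print(f"{GROUP}:{ARTIFACT}:{version} -> {status}")
```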

