Lucene search
ApacheCVELIST:CVE-2020-17532HistoryJan 25, 2021 - 9:25 a.m.
CVE-2020-17532 Apache ServiceComb Yaml remote deserialization vulnerability
2021-01-2509:25:14
CWE-20
apache
www.cve.org
When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
CNA Affected
[
{
"product": "Apache ServiceComb-Java-Chassis",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "Apache ServiceComb-Java-Chassis 2.x 2.0.0 to 2.1.3"
}
]
}
]Related
github
github
Arbitrary code execution in Apache ServiceComb java-chassis
2022-02-09 22:19:00
veracode
veracode
Arbitrary Code Execution
2021-01-26 05:09:27
osv
osv
Arbitrary code execution in Apache ServiceComb java-chassis
2022-02-09 22:19:00
CVE-2020-17532
2021-01-25 10:16:32
prion
prion
Code injection
2021-01-25 10:16:00
cve
cve
CVE-2020-17532
2021-01-25 10:16:32
nvd
nvd
CVE-2020-17532
2021-01-25 10:16:32