Lucene search
Veracode Vulnerability DatabaseVERACODE:29140HistoryJan 26, 2021 - 5:09 a.m.
Arbitrary Code Execution
2021-01-2605:09:27
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.001 Low
EPSS
Percentile
26.1%
foundation-config is vulnerable to arbitrary code execution. An insecure and unsafe local YAML file parsing allows an attacker to execute arbitrary code on the host OS via a malicious YAML file.
| CPE | Name | Operator | Version |
|---|---|---|---|
| java chassis::foundations::config | le | 1.3.1 | |
| java chassis::foundations::config | le | 2.1.5 |
Related
cve
cve
CVE-2020-17532
2021-01-25 10:16:32
nvd
nvd
CVE-2020-17532
2021-01-25 10:16:32
github
github
Arbitrary code execution in Apache ServiceComb java-chassis
2022-02-09 22:19:00
osv
osv
Arbitrary code execution in Apache ServiceComb java-chassis
2022-02-09 22:19:00
CVE-2020-17532
2021-01-25 10:16:32
prion
prion
Code injection
2021-01-25 10:16:00
cvelist
cvelist
CVE-2020-17532 Apache ServiceComb Yaml remote deserialization vulnerability
2021-01-25 09:25:14