When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
References
Link | Resource |
---|---|
https://issues.apache.org/jira/browse/SCB-2145 | Mailing List Patch Vendor Advisory |
https://seclists.org/oss-sec/2021/q1/60 | Mailing List Third Party Advisory |
https://issues.apache.org/jira/browse/SCB-2145 | Mailing List Patch Vendor Advisory |
https://seclists.org/oss-sec/2021/q1/60 | Mailing List Third Party Advisory |
Configurations
History
21 Nov 2024, 05:08
Type | Values Removed | Values Added |
---|---|---|
References | () https://issues.apache.org/jira/browse/SCB-2145 - Mailing List, Patch, Vendor Advisory | |
References | () https://seclists.org/oss-sec/2021/q1/60 - Mailing List, Third Party Advisory |
Information
Published : 2021-01-25 10:16
Updated : 2024-11-21 05:08
NVD link : CVE-2020-17532
Mitre link : CVE-2020-17532
CVE.ORG link : CVE-2020-17532
JSON object : View
Products Affected
apache
- java_chassis