CVE-2020-17532

When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
References
Link Resource
https://issues.apache.org/jira/browse/SCB-2145 Mailing List Patch Vendor Advisory
https://seclists.org/oss-sec/2021/q1/60 Mailing List Third Party Advisory
https://issues.apache.org/jira/browse/SCB-2145 Mailing List Patch Vendor Advisory
https://seclists.org/oss-sec/2021/q1/60 Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:java_chassis:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:08

Type Values Removed Values Added
References () https://issues.apache.org/jira/browse/SCB-2145 - Mailing List, Patch, Vendor Advisory () https://issues.apache.org/jira/browse/SCB-2145 - Mailing List, Patch, Vendor Advisory
References () https://seclists.org/oss-sec/2021/q1/60 - Mailing List, Third Party Advisory () https://seclists.org/oss-sec/2021/q1/60 - Mailing List, Third Party Advisory

Information

Published : 2021-01-25 10:16

Updated : 2024-11-21 05:08


NVD link : CVE-2020-17532

Mitre link : CVE-2020-17532

CVE.ORG link : CVE-2020-17532


JSON object : View

Products Affected

apache

  • java_chassis
CWE
CWE-20

Improper Input Validation

CWE-502

Deserialization of Untrusted Data