When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
References
Link | Resource |
---|---|
https://issues.apache.org/jira/browse/SCB-2145 | Mailing List Patch Vendor Advisory |
https://seclists.org/oss-sec/2021/q1/60 | Mailing List Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2021-01-25T09:25:14
Updated: 2021-01-25T09:25:14
Reserved: 2020-08-12T00:00:00
Link: CVE-2020-17532
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-01-25T10:16:32.533
Modified: 2021-01-29T21:37:06.230
Link: CVE-2020-17532
JSON object: View
Redhat Information
No data.