When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
References
Link | Resource |
---|---|
https://issues.apache.org/jira/browse/SCB-2145 | Mailing List Patch Vendor Advisory |
https://seclists.org/oss-sec/2021/q1/60 | Mailing List Third Party Advisory |
Configurations
History
29 Jan 2021, 21:37
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-502 | |
CVSS |
v2 : v3 : |
v2 : 6.0
v3 : 8.8 |
CPE | cpe:2.3:a:apache:java_chassis:*:*:*:*:*:*:*:* | |
References | (CONFIRM) https://seclists.org/oss-sec/2021/q1/60 - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://issues.apache.org/jira/browse/SCB-2145 - Mailing List, Patch, Vendor Advisory |
26 Jan 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
Summary | When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5 |
25 Jan 2021, 10:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-25 10:16
Updated : 2023-12-10 13:41
NVD link : CVE-2020-17532
Mitre link : CVE-2020-17532
CVE.ORG link : CVE-2020-17532
JSON object : View
Products Affected
apache
- java_chassis