Apache ServiceComb Yaml remote deserialization vulnerability

When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5

N/A

输入验证不恰当

Apache Servicecomb Java Chassis 代码问题漏洞

Apache Servicecomb Java Chassis是Apache基金会的一个基于Java语言用于为构建微服务提供整个解决方案的代码库。 Apache ServiceComb-Java-Chassis 2.1.5 之前版本存在代码问题漏洞，该漏洞允许经过身份验证的用户注入一些数据并导致任意代码执行。

N/A

N/A