CVE-2020-17532

CVE-2020-17532: Apache ServiceComb Yaml remote deserialization vulnerability

Vendor Apache Software Foundation

Product Apache ServiceComb-Java-Chassis

Weakness CWE-20 · Input validation

Published January 25, 2021

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5

Key dates

02Disclosure timeline

January 25, 2021 CVE published

February 13, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-17532

Related vulnerabilities

04Related CVE

CVE-2021-44832 Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration CVE-2017-3846 CVE-2025-32076 Evil regex used to process user-provided data in VisualData CVE-2021-26626 tobesoft XPLATFORM Arbitrary file execution Vulnerability CVE-2025-14156 Fox LMS – WordPress LMS Plugin 1.0.4.7 - 1.0.5.1 - Unauthenticated Privilege Escalation via 'createOrder'