Miggo Logo
Miggo Vulnerability Database
CVE-2020-17532

CVE-2020-17532: Arbitrary code execution in Apache ServiceComb java-chassis

8.8

CVSS Score
3.1

Basic Information

CVE ID
CVE-2020-17532
GHSA ID
GHSA-px4w-rcv2-6x8x
EPSS Score
0.83381%
CWE
CWE-502
Published
2/9/2022
Updated
2/1/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.apache.servicecomb:java-chassismaven>= 1.0.0, < 1.3.21.3.2
org.apache.servicecomb:java-chassismaven>= 2.0.0, < 2.1.52.1.5

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from unsafe YAML deserialization using SnakeYAML's default parser, which allows arbitrary class instantiation. The patches replaced these usages with SafeConstructor (via YAMLUtil.yaml2Properties) or removed YAML parsing entirely (e.g., splitting headers by commas). The affected functions directly handled untrusted input (router rules, configuration data, headers) without proper validation, making them clear vectors for CWE-502 exploits. The confidence is high because the commit diffs explicitly address these points by introducing safe parsing mechanisms.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W**n **n*l*r-rout*r *ompon*nt is *n**l** in s*rvi***om*-j*v*-***ssis, *ut**nti**t** us*r m*y inj**t som* **t* *n* **us* *r*itr*ry *o** *x**ution. T** pro*l*m **pp*ns in v*rsions **tw**n *.*.* ~ *.*.* *n* *ix** in *p**** S*rvi***om*-J*v*-***ssis *.*.*

Reasoning

T** vuln*r**ility st*ms *rom uns*** Y*ML **s*ri*liz*tion usin* Sn*k*Y*ML's ****ult p*rs*r, w*i** *llows *r*itr*ry *l*ss inst*nti*tion. T** p*t***s r*pl**** t**s* us***s wit* S****onstru*tor (vi* Y*MLUtil.y*ml*Prop*rti*s) or r*mov** Y*ML p*rsin* *ntir