{"schema_version": "1.6.1", "id": "CVE-2020-17532", "summary": "Apache ServiceComb Yaml remote deserialization vulnerability", "details": "When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution.\nThe problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "Apache ServiceComb-Java-Chassis 2.x 2.0.0 to 2.1.3"}, {"last_affected": "Apache ServiceComb-Java-Chassis 2.x 2.0.0 to 2.1.3"}]}]}], "references": [{"type": "ADVISORY", "url": "https://seclists.org/oss-sec/2021/q1/60"}, {"type": "REPORT", "url": "https://issues.apache.org/jira/browse/SCB-2145"}]}