Description
When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
Remediation
References
https://issues.apache.org/jira/browse/SCB-2145
https://seclists.org/oss-sec/2021/q1/60
Related Vulnerabilities
CVE-2022-36944 Vulnerability in maven package org.scala-lang:scala-library
CVE-2022-28820 Vulnerability in maven package com.adobe.acs:acs-aem-commons-ui.apps
CVE-2021-21343 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2022-45802 Vulnerability in maven package org.apache.streampark:streampark-common_2.12
CVE-2023-46122 Vulnerability in maven package org.scala-sbt:io_2.12