Posted to commits@servicecomb.apache.org by GitBox <gi...@apache.org> on 2020/12/22 12:32:55 UTC

[GitHub] [servicecomb-java-chassis] Neverstop opened a new issue #2159: Apache Commons Configuration-1.10 maximum-score critical vulnerability

Neverstop opened a new issue #2159:
URL: https://github.com/apache/servicecomb-java-chassis/issues/2159


   https://nvd.nist.gov/vuln/detail/CVE-2020-1953#vulnCurrentDescriptionTitle
   
   servicecomb version in use: 2.0.2
   Is it affected by this vulnerability?
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [servicecomb-java-chassis] jeho0815 commented on issue #2159: Apache Commons Configuration-1.10 maximum-score critical vulnerability

Posted by GitBox <gi...@apache.org>.
jeho0815 commented on issue #2159:
URL: https://github.com/apache/servicecomb-java-chassis/issues/2159#issuecomment-749526814


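   Apache Commons Configuration can use YAML configuration, and it relies on a third-party library to parse it. servicecomb itself parses YAML by using snakeyaml directly. It also depends on whether the source of the YAML being parsed is trusted; if all of your sources are trusted, you can also consider it not affected.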





[GitHub] [servicecomb-java-chassis] Neverstop closed issue #2159: Apache Commons Configuration-1.10 maximum-score critical vulnerability

Posted by GitBox <gi...@apache.org>.
Neverstop closed issue #2159:
URL: https://github.com/apache/servicecomb-java-chassis/issues/2159


   





[GitHub] [servicecomb-java-chassis] Neverstop commented on issue #2159: Apache Commons Configuration-1.10 maximum-score critical vulnerability

Posted by GitBox <gi...@apache.org>.
Neverstop commented on issue #2159:
URL: https://github.com/apache/servicecomb-java-chassis/issues/2159#issuecomment-749527859


   OK, understood, thanks.





[GitHub] [servicecomb-java-chassis] liubao68 commented on issue #2159: Apache Commons Configuration-1.10 maximum-score critical vulnerability

Posted by GitBox <gi...@apache.org>.
liubao68 commented on issue #2159:
URL: https://github.com/apache/servicecomb-java-chassis/issues/2159#issuecomment-749550759


   servicecomb is using 1.10, not 2.0.2





[GitHub] [servicecomb-java-chassis] Neverstop commented on issue #2159: Apache Commons Configuration-1.10 maximum-score critical vulnerability

Posted by GitBox <gi...@apache.org>.
Neverstop commented on issue #2159:
URL: https://github.com/apache/servicecomb-java-chassis/issues/2159#issuecomment-749521669


   uses a third-party library to parse YAML  
   May I ask what exactly this component is?





[GitHub] [servicecomb-java-chassis] jeho0815 commented on issue #2159: Apache Commons Configuration-1.10 maximum-score critical vulnerability

Posted by GitBox <gi...@apache.org>.
jeho0815 commented on issue #2159:
URL: https://github.com/apache/servicecomb-java-chassis/issues/2159#issuecomment-749519025


   Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML
   This is not used to parse YAML; snakeyaml is used instead, so it is not affected.

