CVE-2021-21501

Description

Improper configuration will cause ServiceComb ServiceCenter Directory Traversal problem in ServcieCenter 1.x.x versions and fixed in 2.0.0.

How to fix CVE-2021-21501

To remediate CVE-2021-21501, upgrade the affected package to a fixed version below.

• Go/github.com/apache/servicecomb-service-center—upgrade to 2.0.0 or later

Is CVE-2021-21501 being exploited?

Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2.0.0

CVSS scores

References (6)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2021-21501
• PATCHgithub.com/apache/servicecomb-service-center
• WEBgithub.com/apache/servicecomb-service-center/commit/f4f44fe5d4a7e530ca8ee7c6f2c9e891ae8353c9
• WEBgithub.com/apache/servicecomb-service-center/pull/788