Reply-To: dev@servicecomb.apache.org Subject: CVE-2023-44312: Apache ServiceComb Service-Center: attacker can query all environment variables of the service-center server
Affected versions: - Apache ServiceComb Service-Center through 2.1.0 Description: Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center.This issue affects Apache ServiceComb Service-Center before 2.1.0 (include). Users are recommended to upgrade to version 2.2.0, which fixes the issue. Credit: 苏 安 <suanw...@hotmail.com> (finder) References: https://lists.apache.org/thread/dkvlgnrmc17qzjdy9k0cr60wpzcssk1s https://servicecomb.apache.org/ https://www.cve.org/CVERecord?id=CVE-2023-44312