High severity · NVD Advisory · Published Mar 11, 2020 · Updated Aug 4, 2024
CVE-2020-1947
Description
In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere web console uses the SnakeYAML library to parse YAML input when loading datasource configuration. SnakeYAML can unmarshal data to a Java type named by a YAML tag. Unmarshalling untrusted data can lead to remote code execution (RCE).
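One way to keep YAML tags from selecting Java types when loading datasource configuration, shown as an added example that is not ShardingSphere's own code or its patch. It assumes SnakeYAML 2.x on the classpath; the class name, the `loadDatasourceConfig` helper and both sample inputs are hypothetical and constructed for illustration.

```java
import java.util.Map;
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

public class SafeDatasourceYaml {

    // Hypothetical helper: parse datasource YAML into plain maps, lists and scalars only.
    static Map<String, Object> loadDatasourceConfig(String yamlText) {
        LoaderOptions options = new LoaderOptions();
        options.setAllowDuplicateKeys(false); // ambiguous config is rejected, not silently merged
        // SafeConstructor builds only standard YAML types. A tag that names a
        // Java class has no constructor registered and raises a YAMLException.
        Yaml yaml = new Yaml(new SafeConstructor(options));
        Object root;
        try {
            root = yaml.load(yamlText);
        } catch (YAMLException e) {
            throw new IllegalArgumentException("rejected datasource YAML: " + e.getMessage(), e);
        }
        if (!(root instanceof Map)) {
            throw new IllegalArgumentException("datasource YAML must be a mapping");
        }
        @SuppressWarnings("unchecked")
        Map<String, Object> config = (Map<String, Object>) root;
        return config;
    }

    public static void main(String[] args) {
        // Constructed sample: ordinary datasource settings, no type tags.
        String plain = "ds_0:\n  url: jdbc:mysql://db.example.internal:3306/demo\n  username: app\n";
        // Constructed sample: a tag asking the parser to build a Java type (a harmless one here).
        String tagged = "ds_0: !!java.lang.StringBuilder [\"x\"]\n";

        System.out.println("accepted: " + loadDatasourceConfig(plain));
        try {
            loadDatasourceConfig(tagged);
        } catch (IllegalArgumentException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```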
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.shardingsphere:shardingsphere (Maven) | >= 4.0.0-RC3, < 4.0.1 | 4.0.1 |
Affected products
- Apache Software Foundation/Apache ShardingSphere(incubator) · v5 · Range: 4.0.0-RC3