Maven package
org.apache.shardingsphere/shardingsphere
pkg:maven/org.apache.shardingsphere/shardingsphere
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-28754 | — | | | < 5.4.0 | 5.4.0 | Jul 19, 2023 | Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on |
| CVE-2020-1947 | — | | | >= 4.0.0-RC3, < 4.0.1 | 4.0.1 | Mar 11, 2020 | In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows to unmarshal data to a Java type by using the YAML tag. Unmarshalling untrusted data can |