VYPR

Maven package

org.apache.shardingsphere/shardingsphere

pkg:maven/org.apache.shardingsphere/shardingsphere

Vulnerabilities (2)

  • CVE-2023-28754 (Jul 19, 2023)
    affected < 5.4.0; fixed 5.4.0

    Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on

  • CVE-2020-1947 (Mar 11, 2020)
    affected >= 4.0.0-RC3, < 4.0.1; fixed 4.0.1

    In Apache ShardingSphere (incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows unmarshalling data to a Java type by using the YAML tag. Unmarshalling untrusted data can