Lucene search
China National Vulnerability DatabaseCNVD-2023-80562HistoryJul 30, 2023 - 12:00 a.m.
Apache Helix Deserialization Vulnerability
2023-07-3000:00:00
China National Vulnerability Database
www.cnvd.org.cn
6
apache
cluster management
replication
distributed resources
deserialization
snakeyaml
java
code execution
security vulnerability
Apache Helix is a general-purpose cluster management framework from the Apache (USA) Foundation for automating the management of partitioning, replication, and distributed resources hosted on clusters of nodes. Apache Helix suffers from a deserialization vulnerability that stems from the ability to use SnakeYAML to deserialize java.net.URLClassLoader to load a JAR from a specified URL and subsequently deserialize javax.script.ScriptEngineManager to use that ClassLoader to load code. An attacker could exploit this vulnerability to cause code execution.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache apache helix | lt | 1.3.0 |
Related
cve
cve
CVE-2023-38647
2023-07-26 08:15:10
veracode
veracode
Remote Code Execution (RCE)
2023-07-27 11:36:23
prion
prion
Deserialization of untrusted data
2023-07-26 08:15:00
nvd
nvd
CVE-2023-38647
2023-07-26 08:15:10
cvelist
cvelist
osv
osv
Deserialization vulnerability in Helix workflow and REST
2023-07-26 09:30:15
github
github
Deserialization vulnerability in Helix workflow and REST
2023-07-26 09:30:15
wolfi
wolfi
CVE-2023-38647 vulnerabilities
2024-06-29 03:08:33