Apache Helix is a general-purpose cluster management framework from the Apache Software Foundation that automates the management of partitioned, replicated, and distributed resources hosted on clusters of nodes. Apache Helix is affected by a deserialization vulnerability: SnakeYAML can be used to deserialize java.net.URLClassLoader so that it loads a JAR from a specified URL, and then to deserialize javax.script.ScriptEngineManager so that it uses that ClassLoader to load code. An attacker could exploit this vulnerability to execute code.
CPE | Name | Operator | Version |
---|---|---|---|
apache | apache helix | lt | 1.3.0 |
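
A defensive pre-filter for the pattern described above, as an added example that is not Apache Helix or SnakeYAML code: it lists YAML global tags that name anything other than a core YAML type and rates the two classes named in the advisory as high. The function name, severity labels and sample documents are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Core YAML 1.1 types. SnakeYAML's default Constructor treats any other
# "!!" tag as the name of a Java class to instantiate.
CORE_TYPES = {"str", "int", "float", "bool", "null", "map", "seq", "set",
              "omap", "pairs", "binary", "timestamp", "merge", "value", "yaml"}
# The two classes this advisory names.
ADVISORY_CLASSES = {"java.net.URLClassLoader", "javax.script.ScriptEngineManager"}

# Shorthand (!!name) and verbatim (!<tag:yaml.org,2002:name>) global tags.
TAG_RE = re.compile(r"!!([^\s\[\]{},!]+)|!<tag:yaml\.org,2002:([^>\s]+)>")

def scan_yaml_tags(text):
    """Return sorted (line_no, type_name, severity) for non-core global tags."""
    findings = set()
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in TAG_RE.finditer(line):
            # YAML tags may carry %xx escapes; decode them so an escaped
            # class name is still compared against the lists above.
            name = unquote(match.group(1) or match.group(2))
            if name in CORE_TYPES:
                continue
            severity = "high" if name in ADVISORY_CLASSES else "review"
            findings.add((line_no, name, severity))
    return sorted(findings)

# Constructed sample input (not taken from the advisory).
BENIGN = "name: demo\nreplicas: !!int 3\n"
SUSPICIOUS = (
    "loader: !!java.net.URLClassLoader []\n"
    "engine: !!javax.script.ScriptEngineManager []\n"
    "custom: !!com.example.Widget {}\n"
)

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        for line_no, name, severity in scan_yaml_tags(doc):
            print(f"{label}: line {line_no}: {name} [{severity}]")
```

This is a text-level filter: it also matches `!!` inside quoted strings and does not resolve `%TAG` handle redefinitions, so findings need triage and it does not replace restricting which types the YAML loader may construct.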