Lucene search
ApacheCVELIST:CVE-2020-1947HistoryMar 11, 2020 - 8:40 p.m.
CVE-2020-1947
2020-03-1120:40:53
apache
www.cve.org
In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere’s web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows to unmarshal data to a Java type By using the YAML tag. Unmarshalling untrusted data can lead to security flaws of RCE.
CNA Affected
[
{
"product": "Apache ShardingSphere(incubator)",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "4.0.0-RC3"
},
{
"status": "affected",
"version": "4.0.0"
}
]
}
]Related
checkpoint_advisories
checkpoint_advisories
Apache ShardingSphere Insecure Deserialization (CVE-2020-1947)
2020-04-26 00:00:00
github
github
Deserialization of Untrusted Data in Apache ShardingSphere
2022-02-10 20:39:47
cve
cve
CVE-2020-1947
2020-03-11 21:15:11
prion
prion
Code injection
2020-03-11 21:15:00
osv
osv
Deserialization of Untrusted Data in Apache ShardingSphere
2022-02-10 20:39:47
CVE-2020-1947
2020-03-11 21:15:11
nvd
nvd
CVE-2020-1947
2020-03-11 21:15:11
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Apache Shardingsphere
2020-05-29 08:07:16