44 matches found
CVE-2022-31764
The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2. The premise of...
EUVD-2021-13357
Malware in sbrugna...
EUVD-2022-54255
Malicious code in bioql PyPI...
EUVD-2023-1936
Malicious code in bioql PyPI...
EUVD-2022-7763
Malicious code in bioql PyPI...
CVE-2022-22733
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and pri...
CVE-2022-45347
Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as database backend didn't cleanup the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed in Apac...
CVE-2020-1947
In Apache ShardingSphereincubator 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows to unmarshal data to a Java type By using the YAML tag. Unmarshalling untrusted data can lead to security...
CVE-2022-31764
The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2. The premise of...
CVE-2022-31764
The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2. The premise of...
CVE-2022-31764 Apache ShardingSphere ElasticJob-UI allows RCE via event trace data source JDBC
The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2. The premise of...
CVE-2022-31764 Apache ShardingSphere ElasticJob-UI allows RCE via event trace data source JDBC
The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2. The premise of...
CVE-2022-31764
The CVE describes an RCE in Apache ShardingSphere ElasticJob-UI Lite UI, exploitable by constructing a special H2 JDBC URL. Affected versions are 3.0.1 and earlier; ElasticJob-UI 3.0.2 fixes the issue. The attack premise requires the attacker to have obtained the account credentials; without them...
Apache ShardingSphere ElasticJob-UI 安全漏洞
Apache ShardingSphere ElasticJob-UI is an administrator console for ElasticJob from the Apache USA Foundation. A security vulnerability exists in Apache ShardingSphere ElasticJob-UI version 3.0.1 and earlier. An attacker can exploit the vulnerability to execute arbitrary code...
This Week in Spring - December 10th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! As I write this I am in the southern hemisphere it's summer down here!, in Brisbane, waiting to board a plane for Sydney. It's been a ton of fun! I did a video looking at the latest-and-greatest in Spring Framework 6.2 - chec...
This Week in Spring - January 16th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the 16th of January already! We're closer to February than not! I can hardly believe it. As always, we've got a lot to cover so let's dive right into it. the Spring Authorization Server 1.3.0-m1 is now available this is...
GHSA-3CXH-XP3G-JXJM Apache ShardingSphere-Agent Deserialization of Untrusted Data vulnerability
Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machin...
CVE-2023-28754
Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machin...
CVE-2023-28754
Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machin...
Deserialization of untrusted data
Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machin...