45 matches found
CVE-2023-28754
The CVE-2023-28754 in Apache ShardingSphere-Agent is a Deserialization of Untrusted Data vulnerability up to version 5.3.2; it allows arbitrary code execution during YAML config deserialization via SnakeYAML, by deserializing a URLClassLoader to load a JAR from a URL and then a ScriptEngineManage...
CVE-2023-28754 ShardingSphere-Agent: Deserialization vulnerability in ShardingSphere Agent
Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machin...
CVE-2023-28754 ShardingSphere-Agent: Deserialization vulnerability in ShardingSphere Agent
Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machin...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Apache Shardingsphere_Elasticjob-Ui
CVE-2022-22733 CVE-2022-22733 is a vulnerabilit that affects...
PT-2025-5826 · Apache · Apache Shardingsphere Elasticjob-Ui
Name of the Vulnerable Software and Affected Versions: Apache ShardingSphere ElasticJob-UI versions prior to 3.0.2 Description: The issue allows an attacker to perform remote code execution RCE by constructing a special JDBC URL of the H2 database. The premise of this attack is that the attacker...
GHSA-V54F-XCMP-43CR Deserialization of Untrusted Data in Apache ShardingSphere
In Apache ShardingSphereincubator 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows to unmarshal data to a Java type By using the YAML tag. Unmarshalling untrusted data can lead to security...
Deserialization of Untrusted Data in Apache ShardingSphere
In Apache ShardingSphereincubator 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows to unmarshal data to a Java type By using the YAML tag. Unmarshalling untrusted data can lead to security...
CVE-2022-22733
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and pri...
Privilege escalation
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and pri...
CVE-2022-22733
Apache ShardingSphere ElasticJob-UI (3.x, v3.0.0 and earlier) is affected by CVE-2022-22733, which allows a guest account to escalate privileges due to exposure of sensitive information to an unauthorized actor. Technical details from connected sources confirm the vulnerable component is ElasticJ...
CVE-2022-22733 Access-Token in ElasticJob UI causes password disclosure
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and pri...
CVE-2022-22733 Access-Token in ElasticJob UI causes password disclosure
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and pri...
Apache ShardingSphere 信息泄露漏洞
Apache ShardingSphere is an open source distributed database middleware solution from the Apache Foundation.Apache ShardingSphere ElasticJob-UI is vulnerable to an information disclosure vulnerability that stems from the exposure of sensitive information to unauthorized participants, which could ...
Apache ShardingSphere Code Issue Vulnerability (CNVD-2021-102824)
Apache ShardingSphere, an open source distributed database middleware solution from the Apache Foundation, has a security vulnerability in the Apache ShardingSphere UI that stems from insecure deserialization of serialized data received by the application from users, which could be exploited by a...
CVE-2021-26558
Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows an attacker to inject outer link resources. This issue affects Apache ShardingSphere-UI Apache ShardingSphere-UI version 4.1.1 and later versions; Apache ShardingSphere-UI versions prior to 5.0.0...
Deserialization of untrusted data
Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows an attacker to inject outer link resources. This issue affects Apache ShardingSphere-UI Apache ShardingSphere-UI version 4.1.1 and later versions; Apache ShardingSphere-UI versions prior to 5.0.0...
CVE-2021-26558 Deserialization of Untrusted Data
Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows an attacker to inject outer link resources. This issue affects Apache ShardingSphere-UI Apache ShardingSphere-UI version 4.1.1 and later versions; Apache ShardingSphere-UI versions prior to 5.0.0...
Apache ShardingSphere 代码问题漏洞
Apache ShardingSphere, an open source distributed database middleware solution from the Apache Foundation, has a security vulnerability in the Apache ShardingSphere UI that stems from insecure deserialization of serialized data received by the application from users, which could be exploited by a...
Exploit for Deserialization of Untrusted Data in Apache Shardingsphere
CVE-2020-1947 ApacheShardingShpereUIYAML解析远程代码执行漏洞复现及分析 概述...
Apache ShardingSphere Insecure Deserialization (CVE-2020-1947)
An insecure deserialization vulnerability exists in Apache ShardingSphere incubator. Successful exploitation of this vulnerability could result in arbitrary code execution with the privileges of the application...