Lucene search
+L

45 matches found

cve
cve
added 2023/07/19 7:15 a.m.77 views

CVE-2023-28754

The CVE-2023-28754 in Apache ShardingSphere-Agent is a Deserialization of Untrusted Data vulnerability up to version 5.3.2; it allows arbitrary code execution during YAML config deserialization via SnakeYAML, by deserializing a URLClassLoader to load a JAR from a URL and then a ScriptEngineManage...

8.8CVSS8.8AI score0.01207EPSS
Exploits0References2Affected Software1
osv
osv
added 2023/07/19 7:15 a.m.26 views

CVE-2023-28754 ShardingSphere-Agent: Deserialization vulnerability in ShardingSphere Agent

Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machin...

8.8CVSS7.6AI score0.01207EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2023/07/19 7:15 a.m.19 views

CVE-2023-28754 ShardingSphere-Agent: Deserialization vulnerability in ShardingSphere Agent

Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machin...

8.8AI score0.01207EPSS
Exploits0References2
githubexploit
githubexploit
added 2023/04/25 11:39 a.m.300 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Apache Shardingsphere_Elasticjob-Ui

CVE-2022-22733 CVE-2022-22733 is a vulnerabilit that affects...

6.5CVSS6.7AI score0.37594EPSS
Exploits1
ptsecurity
ptsecurity
added 2022/11/01 12:0 a.m.7 views

PT-2025-5826 · Apache · Apache Shardingsphere Elasticjob-Ui

Name of the Vulnerable Software and Affected Versions: Apache ShardingSphere ElasticJob-UI versions prior to 3.0.2 Description: The issue allows an attacker to perform remote code execution RCE by constructing a special JDBC URL of the H2 database. The premise of this attack is that the attacker...

8.5CVSS7.2AI score0.00671EPSS
Exploits0References7
osv
osv
added 2022/02/10 8:39 p.m.43 views

GHSA-V54F-XCMP-43CR Deserialization of Untrusted Data in Apache ShardingSphere

In Apache ShardingSphereincubator 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows to unmarshal data to a Java type By using the YAML tag. Unmarshalling untrusted data can lead to security...

9.8CVSS9.5AI score0.33918EPSS
Exploits1References2
github
github
added 2022/02/10 8:39 p.m.49 views

Deserialization of Untrusted Data in Apache ShardingSphere

In Apache ShardingSphereincubator 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows to unmarshal data to a Java type By using the YAML tag. Unmarshalling untrusted data can lead to security...

9.8CVSS8.9AI score0.33918EPSS
Exploits1References3Affected Software1
nvd
nvd
added 2022/01/20 11:15 a.m.19 views

CVE-2022-22733

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and pri...

6.5CVSS0.37594EPSS
Exploits1References2
prion
prion
added 2022/01/20 11:15 a.m.13 views

Privilege escalation

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and pri...

4CVSS6.4AI score0.37594EPSS
Exploits1References2Affected Software1
cve
cve
added 2022/01/20 10:25 a.m.117 views

CVE-2022-22733

Apache ShardingSphere ElasticJob-UI (3.x, v3.0.0 and earlier) is affected by CVE-2022-22733, which allows a guest account to escalate privileges due to exposure of sensitive information to an unauthorized actor. Technical details from connected sources confirm the vulnerable component is ElasticJ...

6.5CVSS6.4AI score0.37594EPSS
Exploits1References2Affected Software1
osv
osv
added 2022/01/20 10:25 a.m.25 views

CVE-2022-22733 Access-Token in ElasticJob UI causes password disclosure

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and pri...

6.5CVSS6.6AI score0.37594EPSS
Exploits1References4
cvelist
cvelist
added 2022/01/20 10:25 a.m.25 views

CVE-2022-22733 Access-Token in ElasticJob UI causes password disclosure

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and pri...

6.6AI score0.37594EPSS
Exploits1References2
cnnvd
cnnvd
added 2022/01/20 12:0 a.m.7 views

Apache ShardingSphere 信息泄露漏洞

Apache ShardingSphere is an open source distributed database middleware solution from the Apache Foundation.Apache ShardingSphere ElasticJob-UI is vulnerable to an information disclosure vulnerability that stems from the exposure of sensitive information to unauthorized participants, which could ...

6.5CVSS5.6AI score0.37594EPSS
Exploits1References4
cnvd
cnvd
added 2021/11/13 12:0 a.m.15 views

Apache ShardingSphere Code Issue Vulnerability (CNVD-2021-102824)

Apache ShardingSphere, an open source distributed database middleware solution from the Apache Foundation, has a security vulnerability in the Apache ShardingSphere UI that stems from insecure deserialization of serialized data received by the application from users, which could be exploited by a...

7.5CVSS4.2AI score0.02412EPSS
Exploits0References1
nvd
nvd
added 2021/11/11 10:15 a.m.18 views

CVE-2021-26558

Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows an attacker to inject outer link resources. This issue affects Apache ShardingSphere-UI Apache ShardingSphere-UI version 4.1.1 and later versions; Apache ShardingSphere-UI versions prior to 5.0.0...

7.5CVSS0.02412EPSS
Exploits0References2
prion
prion
added 2021/11/11 10:15 a.m.15 views

Deserialization of untrusted data

Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows an attacker to inject outer link resources. This issue affects Apache ShardingSphere-UI Apache ShardingSphere-UI version 4.1.1 and later versions; Apache ShardingSphere-UI versions prior to 5.0.0...

5CVSS7.5AI score0.02412EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2021/11/11 9:35 a.m.16 views

CVE-2021-26558 Deserialization of Untrusted Data

Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows an attacker to inject outer link resources. This issue affects Apache ShardingSphere-UI Apache ShardingSphere-UI version 4.1.1 and later versions; Apache ShardingSphere-UI versions prior to 5.0.0...

7.7AI score0.02412EPSS
Exploits0References2
cnnvd
cnnvd
added 2021/11/11 12:0 a.m.6 views

Apache ShardingSphere 代码问题漏洞

Apache ShardingSphere, an open source distributed database middleware solution from the Apache Foundation, has a security vulnerability in the Apache ShardingSphere UI that stems from insecure deserialization of serialized data received by the application from users, which could be exploited by a...

7.5CVSS6.3AI score0.02412EPSS
Exploits0References3
githubexploit
githubexploit
added 2020/05/29 8:7 a.m.102 views

Exploit for Deserialization of Untrusted Data in Apache Shardingsphere

CVE-2020-1947 ApacheShardingShpereUIYAML解析远程代码执行漏洞复现及分析 概述...

9.8CVSS9.3AI score0.33918EPSS
Exploits1
checkpoint_advisories
checkpoint_advisories
added 2020/04/26 12:0 a.m.24 views

Apache ShardingSphere Insecure Deserialization (CVE-2020-1947)

An insecure deserialization vulnerability exists in Apache ShardingSphere incubator. Successful exploitation of this vulnerability could result in arbitrary code execution with the privileges of the application...

7.5CVSS4.7AI score0.33918EPSS
Exploits1
Rows per page
Query Builder