3 matches found
CVE-2023-39106
creationtimestamp| type| source ---|---|--- 2023-08-21 20:41:08+00:00| seen| https://t.me/cibsecurity/68893...
cn.dynamictp:dynamic-tp-example-nacos (>=1.0.8 <=1.1.2), cn.fossc.polaris.framework:basic-framework-spring-boot-starter (>=3.0.9 <=3.0.18) +75 more potentially affected by CVE-2023-39106 via com.alibaba.nacos:nacos-spring-context (>=0.1.0-RC1 <=1.1.1)
com.alibaba.nacos:nacos-spring-context MAVEN version =0.1.0-RC1, =1.0.8, =3.0.9, =3.0.1, =3.0.1, =3.0.1, =0.1.0, =0.1.0, =0.1.10, =0.1.10, =0.1.10, =0.1.10, =2.0.0, =2.0.0, =2.0.0-beta8 - com.gitee.pulanos.pangu:pangu-framework =5.0.0 and more Source cves: CVE-2023-39106 Source advisory:...
CVE-2023-39106
CVE-2023-39106 concerns the Nacos Spring Project (v1.1.1 and earlier). The issue arises in the SnakeYamls Constructor(), used to parse YAML files, allowing a remote attacker to execute arbitrary code. The vulnerability is described consistently across multiple sources in the provided documents (N...