4 matches found
GHSA-3CXH-XP3G-JXJM Apache ShardingSphere-Agent Deserialization of Untrusted Data vulnerability
Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machin...
CVE-2023-28754
Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machin...
CVE-2023-28754 ShardingSphere-Agent: Deserialization vulnerability in ShardingSphere Agent
Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machin...
CVE-2023-28754
The CVE-2023-28754 in Apache ShardingSphere-Agent is a Deserialization of Untrusted Data vulnerability up to version 5.3.2; it allows arbitrary code execution during YAML config deserialization via SnakeYAML, by deserializing a URLClassLoader to load a JAR from a URL and then a ScriptEngineManage...