3 matches found
Exploit for Deserialization of Untrusted Data in Apache Shardingsphere
CVE-2020-1947 ApacheShardingShpereUIYAML解析远程代码执行漏洞复现及分析 概述...
Apache ShardingSphere Insecure Deserialization (CVE-2020-1947)
An insecure deserialization vulnerability exists in Apache ShardingSphere incubator. Successful exploitation of this vulnerability could result in arbitrary code execution with the privileges of the application...
CVE-2020-1947
CVE-2020-1947 affects Apache ShardingSphere (incubator) 4.0.0-RC3 and 4.0.0. The web console uses SnakeYAML to parse YAML for datasource config; untrusted YAML can be unmarshaled to a Java type via YAML tags, enabling remote code execution (RCE). Impact described as potential arbitrary code execu...