6 matches found
SUSE CVE-2023-38647
An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. This unbounded deserialization can likely lead to remote code execution. The code can be run...
CVE-2023-38647 vulnerabilities
Vulnerabilities for packages: trino...
CVE-2023-38647 vulnerabilities
Vulnerabilities for packages: trino...
CVE-2023-38647 Apache Helix: Deserialization vulnerability in Helix workflow and REST
An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. This unbounded deserialization can likely lead to remote code execution. The code can be run...
CVE-2023-38647
CVE-2023-38647 describes a deserialization vulnerability in Apache Helix workflow and REST where SnakeYAML can deserialize java.net.URLClassLoader to load a JAR from a URL, and then javax.script.ScriptEngineManager to execute code with that ClassLoader. This unbounded deserialization can likely l...
CVE-2023-38647 Apache Helix: Deserialization vulnerability in Helix workflow and REST
An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. This unbounded deserialization can likely lead to remote code execution. The code can be run...