4 matches found
Remote Code Execution (RCE)
org.apache.helix:helix-core and org.apache.helix:helix-rest are vulnerable to Remote Code Execution RCE. The vulnerable SnakeYAML component could be used by an attacker to deserialize Java.net.URLClassLoader and instruct it to load a JAR from a certain URL before deserializing...
CVE-2023-38647
An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. This unbounded deserialization can likely lead to remote code execution. The code can be run...
Deserialization of untrusted data
An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. This unbounded deserialization can likely lead to remote code execution. The code can be run...
CVE-2023-28754 ShardingSphere-Agent: Deserialization vulnerability in ShardingSphere Agent
Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machin...