9 matches found
EUVD-2023-2356
Malicious code in bioql PyPI...
GHSA-V6C8-PWHQ-288M Nacos Spring vulnerable to Unsafe Deserialization
An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor component...
cn.dynamictp:dynamic-tp-example-nacos (>=1.0.8 <=1.1.2), cn.fossc.polaris.framework:basic-framework-spring-boot-starter (>=3.0.9 <=3.0.18) +75 more potentially affected by CVE-2023-39106 via com.alibaba.nacos:nacos-spring-context (>=0.1.0-RC1 <=1.1.1)
com.alibaba.nacos:nacos-spring-context MAVEN version =0.1.0-RC1, =1.0.8, =3.0.9, =3.0.1, =3.0.1, =3.0.1, =0.1.0, =0.1.0, =0.1.10, =0.1.10, =0.1.10, =0.1.10, =2.0.0, =2.0.0, =2.0.0-beta8 - com.gitee.pulanos.pangu:pangu-framework =5.0.0 and more Source cves: CVE-2023-39106 Source advisory:...
CVE-2023-39106
An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor component...
CVE-2023-39106
An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor component...
CVE-2023-39106
An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor component...
CVE-2023-39106
An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor component...
CVE-2023-39106
CVE-2023-39106 concerns the Nacos Spring Project (v1.1.1 and earlier). The issue arises in the SnakeYamls Constructor(), used to parse YAML files, allowing a remote attacker to execute arbitrary code. The vulnerability is described consistently across multiple sources in the provided documents (N...
Nacos Spring Project 代码问题漏洞
Nacos Spring Project is a Nacos Group open source project for discovering, configuring and managing cloud-native applications. A security vulnerability exists in Nacos Spring Project v.1.1.1 and earlier versions, which stems from a vulnerability that allows an attacker to execute arbitrary code v...