65 matches found
CVE-2022-31764
The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2. The premise of...
EUVD-2021-13357
Malware in sbrugna...
EUVD-2023-1936
Malicious code in bioql PyPI...
EUVD-2022-54255
Malicious code in bioql PyPI...
EUVD-2022-7763
Malicious code in bioql PyPI...
CVE-2023-28754
Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machin...
CVE-2022-22733
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has a guest account to escalate privileges. This issue affects Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and pri...
CVE-2022-45347
Apache ShardingSphere-Proxy prior to 5.3.0, when using MySQL as the database backend, didn't clean up the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed in Apac...
CVE-2021-26558
Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-UI allows an attacker to inject outer link resources. This issue affects Apache ShardingSphere-UI version 4.1.1 and later versions; Apache ShardingSphere-UI versions prior to 5.0.0...
CVE-2020-1947
In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows unmarshalling data to a Java type by using the YAML tag. Unmarshalling untrusted data can lead to security...
The vulnerability of the Lite UI user interface library used in Apache ShardingSphere ElasticJob-UI for task scheduling arises from an internal index assignment error. This error allows attackers to gain unauthorized access to protected information.
The vulnerability of the Lite UI user interface library used in the Apache ShardingSphere ElasticJob-UI task scheduling software is related to an error in the assignment of the internal interface index. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected...
CVE-2022-31764
The CVE describes an RCE in Apache ShardingSphere ElasticJob-UI Lite UI, exploitable by constructing a special H2 JDBC URL. Affected versions are 3.0.1 and earlier; ElasticJob-UI 3.0.2 fixes the issue. The attack premise requires the attacker to have obtained the account credentials; without them...
CVE-2022-31764 Apache ShardingSphere ElasticJob-UI allows RCE via event trace data source JDBC
The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2. The premise of...
Apache ShardingSphere ElasticJob-UI security vulnerability
Apache ShardingSphere ElasticJob-UI is an administrator console for ElasticJob from the Apache USA Foundation. A security vulnerability exists in Apache ShardingSphere ElasticJob-UI version 3.0.1 and earlier. An attacker can exploit the vulnerability to execute arbitrary code...
This Week in Spring - December 10th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! As I write this I am in the southern hemisphere (it's summer down here!), in Brisbane, waiting to board a plane for Sydney. It's been a ton of fun! I did a video looking at the latest-and-greatest in Spring Framework 6.2 - chec...
This Week in Spring - January 16th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the 16th of January already! We're closer to February than not! I can hardly believe it. As always, we've got a lot to cover so let's dive right into it. the Spring Authorization Server 1.3.0-m1 is now available this is...
A Bootiful Podcast: Apache Skywalking’s Sheng Wu and Apache ShardingSphere’s Trista Pan
Hi, Spring fans! In this installment we're joined by two Apache luminaries Trista Pan - of Apache ShardingSphere - and Sheng Wu - of Apache Skywalking...