7 matches found
CVE-2023-28754
Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machin...
GHSA-3CXH-XP3G-JXJM Apache ShardingSphere-Agent Deserialization of Untrusted Data vulnerability
Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machin...
CVE-2023-28754
Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machin...
Deserialization of untrusted data
Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machin...
CVE-2023-28754 ShardingSphere-Agent: Deserialization vulnerability in ShardingSphere Agent
Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machin...
CVE-2023-28754
The CVE-2023-28754 in Apache ShardingSphere-Agent is a Deserialization of Untrusted Data vulnerability up to version 5.3.2; it allows arbitrary code execution during YAML config deserialization via SnakeYAML, by deserializing a URLClassLoader to load a JAR from a URL and then a ScriptEngineManage...
CVE-2023-28754 ShardingSphere-Agent: Deserialization vulnerability in ShardingSphere Agent
Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machin...