3 matches found
CVE-2020-1947
CVE-2020-1947 affects Apache ShardingSphere (incubator) 4.0.0-RC3 and 4.0.0. The web console uses SnakeYAML to parse YAML for datasource config; untrusted YAML can be unmarshaled to a Java type via YAML tags, enabling remote code execution (RCE). Impact described as potential arbitrary code execu...
CVE-2023-28754
The CVE-2023-28754 in Apache ShardingSphere-Agent is a Deserialization of Untrusted Data vulnerability up to version 5.3.2; it allows arbitrary code execution during YAML config deserialization via SnakeYAML, by deserializing a URLClassLoader to load a JAR from a URL and then a ScriptEngineManage...
CVE-2022-45347
The CVE-2022-45347 issue affects Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as the backend. The root cause is incomplete cleanup of the database session after client authentication fails, which could allow an attacker to issue normal commands by connecting with a crafted MySQL cl...