Shardingsphere@* Security Vulnerabilities and Issues — Shardingsphere@* CVE List

Lucene search

ApacheShardingsphere*

3 matches found

CVE•added 2020/03/11 9:15 p.m.•123 views

CVE-2020-1947

In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows to unmarshal data to a Java type By using the YAML tag. Unmarshalling untrusted data can lead to security f...

9.8CVSS9.4AI score0.88982EPSS

CVE•added 2023/07/19 8:15 a.m.•61 views

CVE-2023-28754

Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machine,...

8.8CVSS8.8AI score0.00234EPSS

CVE•added 2022/12/22 11:15 a.m.•60 views

CVE-2022-45347

Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as database backend didn't cleanup the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed in Apache...

9.8CVSS9.7AI score0.00568EPSS