Количество 2
Количество 2
CVE-2020-1947
In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows to unmarshal data to a Java type By using the YAML tag. Unmarshalling untrusted data can lead to security flaws of RCE.
GHSA-v54f-xcmp-43cr
Deserialization of Untrusted Data in Apache ShardingSphere
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2020-1947 In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows to unmarshal data to a Java type By using the YAML tag. Unmarshalling untrusted data can lead to security flaws of RCE. | CVSS3: 9.8 | 89% Высокий | почти 6 лет назад |
| GHSA-v54f-xcmp-43cr Deserialization of Untrusted Data in Apache ShardingSphere | CVSS3: 9.8 | 89% Высокий | почти 4 года назад |
Уязвимостей на страницу