Lucene search
GoogleOSV:GHSA-V54F-XCMP-43CRHistoryFeb 10, 2022 - 8:39 p.m.
Deserialization of Untrusted Data in Apache ShardingSphere
2022-02-1020:39:47
Google
osv.dev
9
apache shardingsphere
untrusted data
deserialization
rce
snakeyaml
security flaws
EPSS
0.006
Percentile
78.1%
In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows to unmarshal data to a Java type By using the YAML tag. Unmarshalling untrusted data can lead to security flaws of RCE.
Related
checkpoint_advisories
checkpoint_advisories
Apache ShardingSphere Insecure Deserialization (CVE-2020-1947)
2020-04-26 00:00:00
cvelist
cvelist
CVE-2020-1947
2020-03-11 20:40:53
github
github
Deserialization of Untrusted Data in Apache ShardingSphere
2022-02-10 20:39:47
osv
osv
CVE-2020-1947
2020-03-11 21:15:11
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Apache Shardingsphere
2020-05-29 08:07:16
prion
prion
Code injection
2020-03-11 21:15:00
cve
cve
CVE-2020-1947
2020-03-11 21:15:11
nvd
nvd
CVE-2020-1947
2020-03-11 21:15:11