CVE-2023-28754
- EPSS 0.23%
- Published 19.07.2023 08:15:10
- Last modified 21.11.2024 07:55:56
Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Ag...
CVE-2022-45347
- EPSS 0.53%
- Published 22.12.2022 11:15:09
- Last modified 15.04.2025 14:15:35
Apache ShardingSphere-Proxy prior to 5.3.0, when using MySQL as the database backend, did not clean up the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL cl...
CVE-2020-1947
- EPSS 88.98%
- Published 11.03.2020 21:15:11
- Last modified 21.11.2024 05:11:42
In Apache ShardingSphere (incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows data to be unmarshalled to a Java type by using the YAML tag. Un...