Vulmon
shardingsphere vulnerabilities and exploits
NA
CVE-2023-28754
Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows malicious users to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration fi...
Apache Shardingsphere
NA
CVE-2022-45347
Apache ShardingSphere-Proxy before 5.3.0 when using MySQL as database backend didn't clean up the database session completely after client authentication failed, which allowed a malicious user to execute normal commands by constructing a special MySQL client. This vulnerabil...
Apache Shardingsphere
7.5
CVSSv2
CVE-2020-1947
In Apache ShardingSphere (incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows unmarshalling data to a Java type by using the YAML tag. Unmarshalling untrusted dat...
Apache Shardingsphere 4.0.0
4 GitHub repositories
5
CVSSv2
CVE-2021-26558
Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows a malicious user to inject outer link resources. This issue affects Apache ShardingSphere-UI Apache ShardingSphere-UI version 4.1.1 and later versions; Apache ShardingSphere-UI versions before 5.0...
Apache Shardingsphere-ui
4
CVSSv2
CVE-2022-22733
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has a guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x vers...
Apache Shardingsphere Elasticjob-ui 3.0.0
1 GitHub repository