Vulmon
apache shardingsphere vulnerabilities and exploits
9.8
CVSSv3
CVE-2022-45347
Apache ShardingSphere-Proxy before 5.3.0, when using MySQL as the database backend, didn't clean up the database session completely after client authentication failed, which allowed a malicious user to execute normal commands by constructing a special MySQL client. This vulnerabil...
Apache Shardingsphere
9.8
CVSSv3
CVE-2020-1947
In Apache ShardingSphere (incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows unmarshalling data to a Java type by using the YAML tag. Unmarshalling untrusted dat...
Apache Shardingsphere 4.0.0
4 Github repositories
8.8
CVSSv3
CVE-2023-28754
Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows malicious users to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration fi...
Apache Shardingsphere
7.5
CVSSv3
CVE-2021-26558
Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows a malicious user to inject outer link resources. This issue affects Apache ShardingSphere-UI version 4.1.1 and later versions; Apache ShardingSphere-UI versions before 5.0...
Apache Shardingsphere-ui
6.5
CVSSv3
CVE-2022-22733
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has a guest account to escalate privileges. This issue affects Apache ShardingSphere ElasticJob-UI 3.x vers...
Apache Shardingsphere Elasticjob-ui 3.0.0
1 Github repository