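CVE-2020-1947 Apache ShardingSphere UI YAML parsing remote code execution vulnerability: reproduction and analysis. Overview: ShardingSphere is an open-source ecosystem from Apache, a set of distributed database middleware solutions made up of three independent frameworks (sharding-jdbc, sharding-proxy and sharding-sidecar), used to provide data sharding, distributed transactions and database governance. Affected versions: ShardingSphe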
In Apache ShardingSphere (incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere web console uses the SnakeYAML library to parse YAML input when loading datasource configuration. SnakeYAML allows data to be unmarshalled to a Java type by using a YAML tag. Unmarshalling untrusted data can lead to RCE security flaws.
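The unmarshalling behaviour described above, shown next to a restricted loader, as an added example (not code from ShardingSphere or from the original page). It assumes SnakeYAML 1.x on the classpath; the class name, method names and both sample documents are constructed for illustration, and the tagged document names a harmless JDK class.

```java
import java.util.Map;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

public class DatasourceYamlDemo {

    // Constructed inputs. The tagged one names a harmless JDK class only to
    // show that the document, not the application, picks the Java type.
    static final String PLAIN =
        "ds_0:\n  url: jdbc:mysql://db.example.internal:3306/demo\n  username: app\n";
    static final String TAGGED =
        "ds_0: !!java.util.concurrent.atomic.AtomicInteger 7\n";

    // Weak setting: the default constructor resolves "!!" tags to classes
    // on the classpath and instantiates them while parsing.
    static Object loadUnsafe(String yaml) {
        return new Yaml().load(yaml);
    }

    // Hardened setting: SafeConstructor builds only standard YAML types
    // (maps, lists, strings, numbers, ...) and rejects any other tag.
    static Map<String, Object> loadSafe(String yaml) {
        Object root = new Yaml(new SafeConstructor()).load(yaml);
        if (!(root instanceof Map)) {
            throw new IllegalArgumentException("datasource config must be a YAML mapping");
        }
        @SuppressWarnings("unchecked")
        Map<String, Object> config = (Map<String, Object>) root;
        return config;
    }

    public static void main(String[] args) {
        // The unsafe loader hands back an object of the type the input asked for.
        Map<?, ?> unsafe = (Map<?, ?>) loadUnsafe(TAGGED);
        System.out.println("unsafe load built: " + unsafe.get("ds_0").getClass().getName());

        // The safe loader accepts ordinary configuration and refuses the tag.
        System.out.println("safe load of plain config: " + loadSafe(PLAIN).keySet());
        try {
            loadSafe(TAGGED);
            System.out.println("safe load accepted the tagged document (unexpected)");
        } catch (YAMLException e) {
            System.out.println("safe load rejected the tagged document: "
                + e.getClass().getSimpleName());
        }
    }
}
```

On SnakeYAML 2.x, `SafeConstructor` takes a `LoaderOptions` argument instead of having a no-argument constructor.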
Vulnerable Product |
---|
apache shardingsphere 4.0.0 |