Apache ShardingSphere(incubator) deserialization vulnerability


Overview :
In Apache ShardingSphere (incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere web console (sharding-ui) uses the SnakeYAML library to parse YAML input when loading datasource configuration. SnakeYAML will unmarshal YAML into an arbitrary Java type named by a YAML tag (a "!!" tag carrying a fully qualified class name), instantiating that class on the server. Unmarshalling untrusted data this way can lead to remote code execution (RCE).
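To make the mechanism concrete, here is an added example (not ShardingSphere's own code and not the advisory's) that loads a small datasource-style YAML document with SnakeYAML twice: once with the default Yaml() constructor, which honours class-name tags, and once with SafeConstructor, which only builds standard YAML types. The YAML input is constructed for this example; it uses the harmless class java.lang.StringBuilder as a stand-in for whatever class an attacker would name, so it demonstrates arbitrary instantiation without a gadget chain. It assumes the SnakeYAML 1.x API (no-argument SafeConstructor), which is the API family in use at the time of the affected releases.

```java
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.constructor.ConstructorException;
import java.util.Map;

public class YamlTagDemo {

    // Constructed input (not from the advisory): a datasource-shaped document
    // whose "url" value carries a "!!" tag naming an arbitrary JVM class.
    // java.lang.StringBuilder is used as a harmless stand-in; the default
    // SnakeYAML constructor resolves the tag with Class.forName and calls
    // the class's single-String-argument constructor with the scalar value.
    static final String INPUT =
            "dataSourceName: ds_0\n" +
            "url: !!java.lang.StringBuilder 'jdbc:mysql://localhost:3306/demo'\n";

    // Vulnerable pattern: a plain Yaml() uses the default Constructor, which
    // instantiates whatever class the document's tags ask for.
    static Object loadUnsafe(String yaml) {
        return new Yaml().load(yaml);
    }

    // Hardened pattern: SafeConstructor only knows the standard YAML types
    // (maps, sequences, scalars) and throws ConstructorException for any
    // tag that names a Java class.
    static Object loadSafe(String yaml) {
        return new Yaml(new SafeConstructor()).load(yaml);
    }

    public static void main(String[] args) {
        Map<?, ?> doc = (Map<?, ?>) loadUnsafe(INPUT);
        // With the default constructor the value is no longer a String:
        // the server has instantiated the class named in the input.
        System.out.println("unsafe load: url is a "
                + doc.get("url").getClass().getName());

        try {
            loadSafe(INPUT);
            System.out.println("safe load: unexpectedly accepted the tag");
        } catch (ConstructorException e) {
            // Expected: the class-name tag is refused before any code runs.
            System.out.println("safe load: rejected -> " + e.getMessage());
        }
    }
}
```

The point of the second call is that the fix belongs at the parser boundary, not at the login page: once the web console parses form input with a class-resolving constructor, every authenticated user of sharding-ui can pick the class that gets instantiated. Using SafeConstructor (or a custom constructor restricted to the configuration classes the console actually expects) removes that choice from the input.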
Affected Product(s) :
ShardingSphere 4.0.0-RC3, 4.0.0

Solution :

  • Mitigation:
    4.0.0-RC3 and 4.0.0 users should upgrade to 4.0.1.
  • Attack path:
    An attacker who can log in to the sharding-ui can submit untrusted YAML in
    the DataSource Config form, which the server then parses with SnakeYAML.
  • Credit:
    This issue was discovered by WuXiong of QI`ANXIN YUNYING Labs.

