org.apache.shardingsphere:shardingsphere
Maven2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.apache.shardingsphere:shardingsphere (page 1 of 1)
- CVE-2020-1947 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 4.0.1 | 2020-03-11
vulnerable: 4.0.0, 4.0.0-RC3
In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows to unmarshal data to a Java type By using the Y…
- CVE-2023-28754 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 5.4.0 | 2023-07-19
vulnerable: 4.0.0 ... 5.3.2 (18 versions)
Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the Shardi…