Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CAMNRR76nvdbR33WNWP-Rag0V7pFs-WFCLWv+=saSX0AsqgPC7w@mail.gmail.com>
Date: Wed, 11 Mar 2020 12:32:54 +0800
From: Chen QingYang <chenqingyang@...che.org>
To: oss-security@...ts.openwall.com
Subject: [CVE-2020-1947] Apache ShardingSphere(incubator) deserialization vulnerability

CVE-2020-1947: Apache ShardingSphere(incubator) deserialization
vulnerability

Severity: low

Vendor:
The Apache Software Foundation

Versions Affected:
ShardingSphere 4.0.0-RC3, 4.0.0

Description:
Apache ShardingSphere's web console uses the SnakeYAML library for parsing
YAML inputs to load datasource configuration. SnakeYAML allows to unmarshal
data to a Java type By using the YAML tag. Unmarshalling untrusted data can
lead to security flaws of RCE.

Mitigation:
4.0.0-RC3 and 4.0.0 users should upgrade to 4.0.1

Example:
An attacker can use untrusted data to fill in the DataSource Config after
login the sharding-ui.

Credit:
This issue was discovered by WuXiong of QI`ANXIN YUNYING Labs.

References:
https://shardingsphere.apache.org/community/en/security/


Chen QingYang
Apache ShardingSphere

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.