CVE-2020-1947
CVE-2020-1947
Vexday Risk Score
15Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 33.9%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
11 Mar 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows to unmarshal data to a Java type By using the YAML tag. Unmarshalling untrusted data can lead to security flaws of RCE.
Affected products
Apache Software Foundation · Apache ShardingSphere(incubator)Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →