[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2021-26558: Apache ShardingSphere-UI: Deserialization of Untrusted Data
From: Juan Pan <panjuan () apache ! org>
Date: 2021-11-11 3:08:08
Message-ID: 72d28796-d98d-7476-0df3-2bcb59fd79c9 () apache ! org
[Download RAW message or body]
Severity: low
Description:
Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI=
allows an attacker to inject outer link resources. This issue affects =
Apache ShardingSphere-UI Apache ShardingSphere-UI version 4.1.1 and later =
versions; Apache ShardingSphere-UI versions prior to 5.0.0.
Mitigation:
This issue is related to ShardingSphere-UI project. If you do not deploy UI=
project, it is not required to upgrade. Otherwise, the vulnerability issue=
of servers deployed UI project or version upgrade is supposed to consider.=
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic