[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2021-26558: Apache ShardingSphere-UI: Deserialization of Untrusted Data
From:       Juan Pan <panjuan () apache ! org>
Date:       2021-11-11 3:08:08
Message-ID: 72d28796-d98d-7476-0df3-2bcb59fd79c9 () apache ! org
[Download RAW message or body]

Severity: low

Description:

Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI=
 allows an attacker to inject outer link resources.  This issue affects =
Apache ShardingSphere-UI Apache ShardingSphere-UI version 4.1.1 and later =
versions; Apache ShardingSphere-UI versions prior to 5.0.0.

Mitigation:

This issue is related to ShardingSphere-UI project. If you do not deploy UI=
 project, it is not required to upgrade. Otherwise, the vulnerability issue=
 of servers deployed UI project or version upgrade is supposed to consider.=


[prev in list] [next in list] [prev in thread] [next in thread]