CVE-2023-28754 (shardingsphere)
July 19, 2023, 8:15 a.m. | National Vulnerability Database (web.nvd.nist.gov)
To exploit this, the attacker needs permission to modify the ShardingSphere Agent YAML configuration file on the target machine, and the target machine must be able to access the URL hosting the JAR with the arbitrary code.
An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that …
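Because the attack depends on explicit Java type tags being written into the agent's YAML file, a defender can check that file for them. The following is an added example, not code from NVD or the ShardingSphere project; the function name `find_type_tags` and the sample file contents are constructed for illustration.

```python
import re

# YAML core short tags that resolve to plain data rather than Java classes.
CORE_TAGS = {"str", "int", "float", "bool", "null", "map", "seq", "binary",
             "timestamp", "set", "omap", "pairs", "merge", "value"}

# "!!name" shorthand and the equivalent verbatim "!<tag:yaml.org,2002:name>".
TAG_RE = re.compile(r"!!([A-Za-z_$][\w.$]*)|!<tag:yaml\.org,2002:([^>\s]+)>")

def find_type_tags(text):
    """Return (line_no, finding) for each explicit non-core tag in YAML text.

    Deliberately conservative: tags inside comments or quoted strings are
    reported too, since any such tag in an agent config deserves review.
    """
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        # A %TAG directive can remap a handle onto the same tag prefix.
        if line.startswith("%TAG"):
            hits.append((no, "%TAG directive"))
            continue
        for m in TAG_RE.finditer(line):
            name = m.group(1) or m.group(2)
            if name not in CORE_TAGS:
                hits.append((no, name))
    return hits

# Constructed sample inputs (assumed layout, not a real deployment's file).
SAMPLE_CLEAN = """\
plugins:
  logging:
    File:
      props:
        level: "INFO"
        retries: !!int 3
"""
SAMPLE_TAMPERED = """\
plugins:
  logging:
    File:
      props:
        loader: !!java.net.URLClassLoader []
        engine: !!javax.script.ScriptEngineManager []
"""

if __name__ == "__main__":
    for label, text in (("clean", SAMPLE_CLEAN), ("tampered", SAMPLE_TAMPERED)):
        print(label, find_type_tags(text))
```

Running a check like this from file-integrity or configuration-management tooling flags the class names mentioned in the advisory as well as any other non-core type tag.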