oss-sec mailing list archives
CVE-2021-26558: Apache ShardingSphere-UI: Deserialization of Untrusted Data
From: Juan Pan <panjuan () apache org>
Date: Thu, 11 Nov 2021 03:08:08 +0000
Severity: low

Description:

Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows an attacker to inject outer link resources. This issue affects Apache ShardingSphere-UI Apache ShardingSphere-UI version 4.1.1 and later versions; Apache ShardingSphere-UI versions prior to 5.0.0.

Mitigation:

This issue is related to ShardingSphere-UI project. If you do not deploy UI project, it is not required to upgrade. Otherwise, the vulnerability issue of servers deployed UI project or version upgrade is supposed to consider.