Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-v6c8-pwhq-288m: Nacos Spring vulnerable to Unsafe Deserialization

An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor() component.

ghsa
#git

Nacos Spring vulnerable to Unsafe Deserialization

Moderate severity GitHub Reviewed Published Aug 21, 2023 to the GitHub Advisory Database • Updated Aug 21, 2023

Related news

CVE-2023-39106: YAML deserialization vulnerability leads to RCE · Issue #314 · nacos-group/nacos-spring-project

An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor() component.