GHSA-v6c8-pwhq-288m: Nacos Spring vulnerable to Unsafe Deserialization
An issue in Nacos Group Nacos Spring Project v1.1.1 and earlier allows a remote attacker to execute arbitrary code via the SnakeYAML Constructor() component.
Moderate severity GitHub Reviewed Published Aug 21, 2023 to the GitHub Advisory Database • Updated Aug 21, 2023
Related news
CVE-2023-39106: YAML deserialization vulnerability leads to RCE · Issue #314 · nacos-group/nacos-spring-project