Description
An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYAML Constructor() component.
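SnakeYAML's general-purpose `Constructor` can instantiate Java types named by `!!` tags in the document, which is why loading untrusted YAML through it is dangerous. The loader below is an added example, not code from the Nacos Spring Project or its fix: it uses SnakeYAML's `SafeConstructor` so that only plain maps, lists and scalars are built. The class name `SafeYamlConfigLoader` and both sample documents are constructed for illustration.

```java
import java.util.Map;
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

// Hypothetical helper: parses configuration text that may come from an untrusted source.
public class SafeYamlConfigLoader {

    // Returns the document as a plain Map, or throws if it is malformed
    // or asks for a Java type through a tag.
    static Map<?, ?> parse(String yamlText) {
        LoaderOptions options = new LoaderOptions();
        options.setAllowDuplicateKeys(false); // reject ambiguous documents
        // SafeConstructor only knows the standard YAML types, so a tag that
        // names an arbitrary Java class has no constructor and fails.
        // The risky form would be: new Yaml(new Constructor(...))
        Yaml yaml = new Yaml(new SafeConstructor(options));
        Object root = yaml.load(yamlText);
        if (!(root instanceof Map)) {
            throw new IllegalArgumentException("top-level YAML node must be a mapping");
        }
        return (Map<?, ?>) root;
    }

    // True when the document is refused by the safe loader.
    static boolean isRejected(String yamlText) {
        try {
            parse(yamlText);
            return false;
        } catch (YAMLException | IllegalArgumentException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        // Constructed sample: ordinary configuration, accepted.
        String plain = "server:\n  port: 8080\n  name: demo\n";
        // Constructed sample: a harmless JDK type requested through a tag.
        // It stands in for any class an attacker might name; it is refused.
        String tagged = "counter: !!java.util.concurrent.atomic.AtomicInteger [7]\n";

        System.out.println("plain  -> " + parse(plain));
        System.out.println("tagged rejected: " + isRejected(tagged));
    }
}
```

The `SafeConstructor(LoaderOptions)` form is used because SnakeYAML 2.x no longer has the no-argument constructor.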
Remediation
References
https://github.com/nacos-group/nacos-spring-project/issues/314