Description
An issue in Nacos Group Nacos Spring Project v1.1.1 and earlier allows a remote attacker to execute arbitrary code via the SnakeYAML Constructor() component.
Remediation
References
https://github.com/nacos-group/nacos-spring-project/issues/314
Related Vulnerabilities
CVE-2015-1833 Vulnerability in maven package org.apache.jackrabbit:jackrabbit-webdav
CVE-2020-7598 Vulnerability in maven package org.webjars.npm:minimist
CVE-2020-5258 Vulnerability in maven package org.webjars.bower:dojo
CVE-2023-36470 Vulnerability in maven package org.xwiki.platform:xwiki-platform-icon-script
CVE-2017-16008 Vulnerability in maven package org.webjars.bower:i18next