Description

An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor() component.

Remediation

References

https://github.com/nacos-group/nacos-spring-project/issues/314

Related Vulnerabilities

CVE-2012-0393 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2022-24823 Vulnerability in maven package io.netty:netty-codec-http

CVE-2017-16187 Vulnerability in npm package open-device

CVE-2021-3377 Vulnerability in npm package ansi_up

CVE-2020-8192 Vulnerability in npm package fastify

Severity

Critical

Classification

CWE-502 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Issue Tracking