Posted to dev@shardingsphere.apache.org by Juan Pan <pa...@apache.org> on 2021/11/11 03:08:08 UTC
CVE-2021-26558: Apache ShardingSphere-UI: Deserialization of Untrusted Data
Severity: low
Description:
A Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-UI allows an attacker to inject outer link resources. This issue affects Apache ShardingSphere-UI version 4.1.1 and later versions; Apache ShardingSphere-UI versions prior to 5.0.0.
Mitigation:
This issue relates to the ShardingSphere-UI project. If you do not deploy the UI project, no upgrade is required. Otherwise, you should consider the vulnerability of the servers on which the UI project is deployed, or consider a version upgrade.