Posted to dev@shardingsphere.apache.org by Juan Pan <pa...@apache.org> on 2021/11/11 03:08:08 UTC

CVE-2021-26558: Apache ShardingSphere-UI: Deserialization of Untrusted Data

Severity: low

Description:

A Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-UI allows an attacker to inject outer link resources. This issue affects Apache ShardingSphere-UI version 4.1.1 and later versions; Apache ShardingSphere-UI versions prior to 5.0.0.

Mitigation:

This issue is related to the ShardingSphere-UI project. If you do not deploy the UI project, you are not required to upgrade. Otherwise, you should consider addressing the vulnerability on servers where the UI project is deployed, or upgrading the version.