Vulnerabilities > CVE-2023-39106 - Deserialization of Untrusted Data vulnerability in Alibabacloud Nacos Spring Project
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor() component.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |