Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2023-07-26	CVE-2023-38647	Deserialization of Untrusted Data vulnerability in Apache Helix 0.9.10/0.9.9/1.2.0 An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. network low complexity apache CWE-502 critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.