Vulnerabilities > Apache > Helix > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-07-26 CVE-2023-38647 Unspecified vulnerability in Apache Helix 0.9.10/0.9.9/1.2.0
An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader.
network
low complexity
apache
critical
9.8