Vulnerabilities > Apache > Shardingsphere > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-12-22 CVE-2022-45347 Unspecified vulnerability in Apache Shardingsphere
Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as database backend didn't cleanup the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL client.
network
low complexity
apache
critical
9.8
2020-03-11 CVE-2020-1947 Deserialization of Untrusted Data vulnerability in Apache Shardingsphere 4.0.0
In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration.
network
low complexity
apache CWE-502
critical
9.8