
=====================================================================

                              CERT-Renater

                  Note d'Information No. 2021/VULN606
_____________________________________________________________________

DATE                : 12/11/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache ShardingSphere-UI versions
                          4.1.1 and later, versions prior to 5.0.0.

=====================================================================
http://mail-archives.apache.org/mod_mbox/shardingsphere-dev/202111.mbox/%3c79b5a65e-3fad-4434-a702-227c4bca5bae@apache.org%3e
_____________________________________________________________________

CVE-2021-26558: Apache ShardingSphere-UI: Deserialization of Untrusted Data


Severity: low

Description:

Deserialization of Untrusted Data vulnerability in Apache
ShardingSphere-UI allows an attacker to inject outer link
resources.  This issue affects Apache ShardingSphere-UI version
4.1.1 and later versions; Apache ShardingSphere-UI versions
prior to 5.0.0.


Mitigation:

This issue is related to the ShardingSphere-UI project. If you do not
deploy the UI project, you are not required to upgrade.
Otherwise, servers on which the UI project is deployed should take the
vulnerability into account or consider a version upgrade.


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================

