Is CVE-2020-1947 known to be exploited?

45 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Software Foundation Shardingsphere(incubator)

CVE-2020-1947

In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows to unmarshal data to a Java type By using the Y…

EPSS: 0.855 (99.4th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Shardingsphere(incubator) — versions 4.0.0-RC3, 4.0.0

Public proof-of-concept exploits

jas502n/CVE-2020-1947
wsfengfan/CVE-2020-1947
StarkChristmas/CVE-2020-1947
shadowsock5/ShardingSphere_CVE-2020-1947
ARPSyndicate/cvemon
AdeliaNitzsche/Java-Deserialization-Cheat-Sheet
BrittanyKuhn/javascript-tutorial
CnHack3r/Penetration_
CraigChristmas/CVE-2020-1947
EchoGin404/-

References

lists.apache.org/thread.html/r4a61a24c119bd820da6fb02100d286f8aae55c8f9b94a346b… (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-1947?: CVE-2020-1947 is a vulnerability in Apache Software Foundation Shardingsphere(incubator). Published 2020-03-11.
Is CVE-2020-1947 known to be exploited?: 45 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.