CVE-2023-39106

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 21, 2023

Updated: Aug 31, 2023

CWE ID 502

Summary

CVE-2023-39106 is a new vulnerability affecting the Nacos Group Nacos Spring Project version 1.1.1 and earlier. This issue grants remote attackers the ability to execute arbitrary code due to a weakness in the SnakeYamls Constructor() component. By exploiting this vulnerability, cybercriminals can inject and run malicious code, potentially leading to significant security breaches and data loss. Users are strongly advised to update their Nacos Spring Project installations as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sG8lS4
https://www.cve.org/CVERecord?id=CVE-2023-39106
https://nvd.nist.gov/vuln/detail/CVE-2023-39106

Back to Vulnerability Database

CVE-2023-39106

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations