CVE-2023-39106

Name of the Vulnerable Software and Affected Versions Nacos Spring Project versions 1.1.1 and earlier

Description The issue allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor() component. This enables the attacker to potentially gain control over the system, leading to severe security consequences.

Recommendations For versions 1.1.1 and earlier, consider disabling the SnakeYamls component or restricting access to it until a patch is available. As a temporary workaround, avoid using the Constructor() function of the SnakeYamls component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.