Description
It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1535411
Related Vulnerabilities
CVE-2023-37478 Vulnerability in npm package @pnpm/cafs
CVE-2021-21172 Vulnerability in maven package org.webjars.npm:electron
CVE-2020-2273 Vulnerability in maven package org.jenkins-ci.plugins:elastestv
CVE-2016-10735 Vulnerability in maven package li.rudin.mavenjs:bootstrap
CVE-2020-9488 Vulnerability in maven package org.apache.logging.log4j:log4j