Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2022-1471 Vulnerability in maven package org.yaml:snakeyaml

Description

SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.

Remediation

References

http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html

http://www.openwall.com/lists/oss-security/2023/11/19/1

https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479

https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2

https://github.com/mbechler/marshalsec

https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc

https://security.netapp.com/advisory/ntap-20230818-0015/

https://security.netapp.com/advisory/ntap-20240621-0006/

https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true

Related Vulnerabilities

CVE-2022-31160 Vulnerability in maven package org.fujion.webjars:jquery-ui

CVE-2018-20843 Vulnerability in npm package dbus

CVE-2021-29369 Vulnerability in npm package gnuplot

CVE-2022-36083 Vulnerability in npm package jose-browser-runtime

CVE-2020-13445 Vulnerability in maven package com.liferay:com.liferay.portal.template.freemarker

Severity

Critical

Classification

CWE-502 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Issue Tracking Third Party Advisory Exploit