Description
An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed.
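As an added example (not from the advisory or the YamlBeans project), the following pre-parse gate rejects a document before it reaches the parser if it carries any explicit tag outside an allowlist. It assumes the target class is selected through a YAML tag such as `!com.example.Contact`; the `YamlTagGate` class, the `com.example.*` names and the sample documents are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Pre-parse gate: report every explicit YAML tag that is not on an allowlist. */
public class YamlTagGate {
    // A tag begins with '!' where a node can start: at line start, after whitespace,
    // or after a flow/sequence/mapping indicator. Covers !name, !!name and !<name>.
    // Deliberately conservative: a '!' inside a quoted scalar is also reported,
    // so the gate fails closed rather than trying to out-parse the YAML parser.
    private static final Pattern TAG = Pattern.compile(
        "(?:^|[\\s\\[{,:-])(!<[^>\\s]*>|![^\\s,\\[\\]{}]*)", Pattern.MULTILINE);

    /** Returns the tags found in the document that are not allowed (empty list = pass). */
    public static List<String> disallowedTags(String yaml, Set<String> allowed) {
        List<String> rejected = new ArrayList<>();
        Matcher m = TAG.matcher(yaml);
        while (m.find()) {
            String tag = m.group(1);
            if (!allowed.contains(tag)) {
                rejected.add(tag);
            }
        }
        return rejected;
    }

    public static void main(String[] args) {
        // Only the type the application expects to receive (hypothetical name).
        Set<String> allowed = Set.of("!com.example.Contact");

        // Constructed sample documents.
        String expected = "!com.example.Contact\nname: Alice\nphones: [home, work]\n";
        String unexpected = "name: Bob\nhelper: !com.example.internal.AdminTool\n  path: /tmp/x\n";

        System.out.println("expected doc, rejected tags:   " + disallowedTags(expected, allowed));
        System.out.println("unexpected doc, rejected tags: " + disallowedTags(unexpected, allowed));
    }
}
```

Only hand the document to the YAML parser when `disallowedTags` returns an empty list; treat any other result as a rejected input and log the offending tags.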
Remediation
References
https://contrastsecurity.com
https://github.com/Contrast-Security-OSS/yamlbeans/blob/main/SECURITY.md
https://github.com/EsotericSoftware