9.8

CVE-2022-1471

Warnung
Exploit

Remote Code execution in SnakeYAML

SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Snakeyaml ProjectSnakeyaml Version < 2.0
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 99.62% 0.999
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cve-coordination@google.com 8.3 2.8 5.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true
Third Party Advisory
Exploit
https://security.netapp.com/advisory/ntap-20240621-0006/
https://github.com/mbechler/marshalsec
Third Party Advisory
Exploit
http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html
http://www.openwall.com/lists/oss-security/2023/11/19/1
https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479
Third Party Advisory
Issue Tracking
https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2
Third Party Advisory
Exploit
https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc
https://security.netapp.com/advisory/ntap-20230818-0015/
https://confluence.atlassian.com/security/cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-1296171009.html
https://infosecwriteups.com/%EF%B8%8F-inside-the-160-comment-fight-to-fix-snakeyamls-rce-default-1a20c5ca4d4c