Description
Esoteric YamlBeans Unsafe Deserialization vulnerability
An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed.
Packages
Name
com.esotericsoftware.yamlbeans:yamlbeans
maven
Affected versions: <= 1.15
Fixed version: None
Related vulnerabilities
CVSS3: 7.8
nvd
more than 2 years ago
An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed.