Description
An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed.
References
- Third Party Advisory
- Exploit, Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Exploit, Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to and including 1.15
cpe:2.3:a:esotericsoftware:yamlbeans:*:*:*:*:*:*:*:*
EPSS: 0.00034 (Low), percentile: 10%
CVSS3: 7.8 High
Weaknesses
CWE-502
Related vulnerabilities
CVSS3: 7.8
github
more than 2 years ago
Esoteric YamlBeans Unsafe Deserialization vulnerability