Lucene search
K

The vulnerability of the library for serializing and deserializing YAML documents in SnakeYAML, related to the restoration of the unreliable data structure in memory, allows a perpetrator to execute arbitrary code.

🗓️ 03 Jan 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType 
bdu_fstec
 bdu_fstec
🔗 bdu.fstec.ru👁 4 Views

SnakeYAML deserialization flaw enables remote arbitrary code execution by restoring a fragile in memory data structure.

Related
Detection
Refs
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for June 2023
30 Jun 202315:51
ibm
IBM Security Bulletins
Security Bulletin: IBM Operational Decision Manager April 2023 - Multiple CVEs
22 May 202309:01
ibm
IBM Security Bulletins
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to SnakeYaml code execution (CVE-2022-1471)
15 Feb 202302:59
ibm
IBM Security Bulletins
Security Bulletin: Multiple Security Vulnerabilities were identified in IBM Security Verify Access.
9 Jan 202420:27
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in Apache Axis, Apache Shiro and SnakeYAML affect IBM WebSphere Service Registry and Repository
5 Mar 202416:54
ibm
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager
20 Aug 202502:37
ibm
IBM Security Bulletins
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.5
30 Apr 202418:52
ibm
IBM Security Bulletins
Security Bulletin: IBM Sterling Global High Availability Mailbox is affected by a SnakeYaml deserialization vulnerability (CVE-2022-1471)
19 Nov 202413:48
ibm
IBM Security Bulletins
Security Bulletin: IBM InfoSphere Information Server is affected but not classified as vulnerable to multiple vulnerabilities in snakeYAML
14 Jul 202321:40
ibm
IBM Security Bulletins
Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale GUI where remote authenticated attacker can execute an arbitrary code on the system (CVE-2022-1471)
5 Apr 202309:33
ibm
Rows per page
Vulners
Node
wazuh,wazuhMatch4.4.5
OROR
apachecassandraMatch4.1.3
OR
gradlegradleMatch8.14.3

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

10 Feb 2026 00:00Current
7.4High risk
Vulners AI Score7.4
CVSS 39.8
CVSS 210
EPSS0.99615
4