Apache Submarine is a cloud-native machine learning platform from the Apache (USA) Foundation. Apache Submarine suffers from a deserialization vulnerability that stems from unsafe deserialization processing by snakeyaml when receiving serialized data submitted by a user, which can be exploited by an attacker to cause code execution.