CVSS3

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Percentile: 24.3%
An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed.
Vendor | Product | Version | CPE |
---|---|---|---|
com.esotericsoftware.yamlbeans | yamlbeans | * | cpe:2.3:a:com.esotericsoftware.yamlbeans:yamlbeans:*:*:*:*:*:*:*:* |