Exploit for Deserialization of Untrusted Data in Snakeyaml_Project Snakeyaml

yaml-payload Exploit payload JAR for demonstrating CVE-2022-...

PT-2023-26537 · Unknown +2 · Helix Core +3

Name of the Vulnerable Software and Affected Versions: helix-core versions prior to 1.3.0 helix-rest versions prior to 1.3.0 Description: An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize...

Apache Helix 代码问题漏洞

Apache Helix is a general-purpose cluster management framework from the Apache USA Foundation for automating the management of partitioning, replication, and distributed resources hosted on clusters of nodes. Apache Helix suffers from a deserialization vulnerability that stems from the ability to...

OpenJDK: Better ScriptEngineManager ScriptEngine management (Libraries, 8036794)

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...

OpenJDK: Better ScriptEngineManager ScriptEngine management (Libraries, 8036794)

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...