Lucene search
K

633 matches found

Prion
Prion
added 2017/09/13 4:29 p.m.16 views

Default configuration

Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration in Brooklyn before 0.10.0, SnakeYAML will allow unmarshalling to any Java type available on the...

9CVSS7.2AI score0.03825EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2017/09/13 4:0 p.m.25 views

CVE-2016-8744

Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration in Brooklyn before 0.10.0, SnakeYAML will allow unmarshalling to any Java type available on the...

8.7AI score0.03825EPSS
Exploits1References2
CVE
CVE
added 2017/09/13 4:0 p.m.87 views

CVE-2016-8744

CVE-2016-8744 affects Apache Brooklyn. The issue stems from SnakeYAML: in Brooklyn’s default configuration prior to 0.10.0, unmarshal allows any Java type on the classpath. This enables an authenticated user to cause the JVM running Brooklyn to load and execute Java code with the process’s privil...

9CVSS8.6AI score0.03825EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linux
added 2017/04/03 9:2 p.m.5 views

camel-snakeyaml: Unmarshalling operation is vulnerable to RCE

It was found that the camel-snakeyaml component is exploitable for code execution. An attacker could use this vulnerability to send specially crafted payload to a camel-snakeyaml endpoint and causing a remote code execution attack...

9.8CVSS6.4AI score0.06286EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2017/04/03 9:2 p.m.90 views

Important: Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R2 security and bug fix update

An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

9.8CVSS7.6AI score0.99906EPSS
Exploits21References12
NVD
NVD
added 2017/03/07 3:59 p.m.28 views

CVE-2017-3159

Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws...

9.8CVSS9.4AI score0.06286EPSS
Exploits0References7
OSV
OSV
added 2017/03/07 3:59 p.m.27 views

CVE-2017-3159

Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws...

9.8CVSS7.2AI score0.06286EPSS
Exploits0References7
Prion
Prion
added 2017/03/07 3:59 p.m.15 views

Design/Logic Flaw

Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws...

7.5CVSS9.4AI score0.06286EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2017/03/07 3:0 p.m.139 views

CVE-2017-3159

CVE-2017-3159 affects Apache Camel's camel-snakeyaml component, enabling Java deserialization that can lead to remote code execution when untrusted data is deserialized. The NVD entry assigns a high/critical impact (CVSS v3 base 9.8, NETWORK/LOW complexity, no authentication) with potential execu...

9.8CVSS9.3AI score0.06286EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2017/03/07 3:0 p.m.37 views

CVE-2017-3159

Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws...

9.5AI score0.06286EPSS
Exploits0References7
Veracode
Veracode
added 2017/02/13 7:31 a.m.20 views

Remote Code Execution (RCE)

Apache Camel's camel-snakeyaml component is vulnerable to remote code execution through a Java object deserialization vulnerability. It is possible to deserialize untrusted data in an unmarshalling operation that leads to remote code execution...

9.8CVSS9.6AI score0.06286EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2017/02/09 3:48 p.m.63 views

CVE-2017-3159

It was found that the camel-snakeyaml component is exploitable for code execution. An attacker could use this vulnerability to send specially crafted payload to a camel-snakeyaml endpoint and causing a remote code execution attack...

9.8CVSS4.2AI score0.06286EPSS
Exploits0References2
Veracode
Veracode
added 2016/12/16 8:5 a.m.44 views

Remote Code Execution (RCE)

RESTEasy is vulnerable to remote code execution. SnakeYAML unmarshalling is exploitable for code execution. As RESTeasy uses SnakeYAML and enables the yaml provider by default, under certain conditions, RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of...

8.1CVSS8.5AI score0.06179EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder