633 matches found
Default configuration
Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration in Brooklyn before 0.10.0, SnakeYAML will allow unmarshalling to any Java type available on the...
CVE-2016-8744
Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration in Brooklyn before 0.10.0, SnakeYAML will allow unmarshalling to any Java type available on the...
CVE-2016-8744
CVE-2016-8744 affects Apache Brooklyn. The issue stems from SnakeYAML: in Brooklyn’s default configuration prior to 0.10.0, unmarshal allows any Java type on the classpath. This enables an authenticated user to cause the JVM running Brooklyn to load and execute Java code with the process’s privil...
camel-snakeyaml: Unmarshalling operation is vulnerable to RCE
It was found that the camel-snakeyaml component is exploitable for code execution. An attacker could use this vulnerability to send specially crafted payload to a camel-snakeyaml endpoint and causing a remote code execution attack...
Important: Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R2 security and bug fix update
An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
CVE-2017-3159
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws...
CVE-2017-3159
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws...
Design/Logic Flaw
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws...
CVE-2017-3159
CVE-2017-3159 affects Apache Camel's camel-snakeyaml component, enabling Java deserialization that can lead to remote code execution when untrusted data is deserialized. The NVD entry assigns a high/critical impact (CVSS v3 base 9.8, NETWORK/LOW complexity, no authentication) with potential execu...
CVE-2017-3159
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws...
Remote Code Execution (RCE)
Apache Camel's camel-snakeyaml component is vulnerable to remote code execution through a Java object deserialization vulnerability. It is possible to deserialize untrusted data in an unmarshalling operation that leads to remote code execution...
CVE-2017-3159
It was found that the camel-snakeyaml component is exploitable for code execution. An attacker could use this vulnerability to send specially crafted payload to a camel-snakeyaml endpoint and causing a remote code execution attack...
Remote Code Execution (RCE)
RESTEasy is vulnerable to remote code execution. SnakeYAML unmarshalling is exploitable for code execution. As RESTeasy uses SnakeYAML and enables the yaml provider by default, under certain conditions, RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of...