3 matches found
CVE-2026-44795
CVE-2026-44795 affects Spinnaker (Cloud deployments/baking paths) where unsafe YAML processing bypasses safe deserialization via a non-safe constructor, enabling arbitrary Java class loading and remote code execution. Affected versions precede fixed releases and include 2026.1.0, 2026.0.3, 2025.4...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the YAML processing. An attacker can execute arbitrary code by supplying crafted YAML input that triggers unsafe class loading during operations such as CloudFormation deployments or CloudFoundry...
PT-2026-51444
Name of the Vulnerable Software and Affected Versions Spinnaker versions prior to 2026.1.0 Spinnaker versions prior to 2026.0.3 Spinnaker versions prior to 2025.4.4 Spinnaker versions prior to 2025.3.3 Description Unsafe YAML processing bypasses safe deserialization during CloudFormation...