3 matches found
CVE-2026-44795
Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to 2026.1.0, 2026.0.3, 2025.4.4, and 2025.3.3, unsafe YAML processing bypasses safe deserialization when using CloudFormation deployments or CloudFoundry baking. The use of a non-safe constructor allows arbitrary loading...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the YAML processing. An attacker can execute arbitrary code by supplying crafted YAML input that triggers unsafe class loading during operations such as CloudFormation deployments or CloudFoundry...
PT-2026-51444
Name of the Vulnerable Software and Affected Versions Spinnaker versions prior to 2026.1.0 Spinnaker versions prior to 2026.0.3 Spinnaker versions prior to 2025.4.4 Spinnaker versions prior to 2025.3.3 Description Unsafe YAML processing bypasses safe deserialization during CloudFormation...