LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer

Summary Prior to langgraph-checkpoint version 3.0 , LangGraph’s JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a remote code execution RCE vulnerability when deserializing payloads saved in the "json" serialization mode. If an attacker can cause your...

SnakeYaml: Constructor Deserialization Remote Code Execution

A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution RCE...

SnakeYaml: Constructor Deserialization Remote Code Execution

A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution RCE...

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 8 (RHSA-2023:1513)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1513 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

SnakeYaml: Constructor Deserialization Remote Code Execution

A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution RCE...

SnakeYaml: Constructor Deserialization Remote Code Execution

A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution RCE...

SnakeYaml: Constructor Deserialization Remote Code Execution

A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution RCE...

Important: Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.3.4 security update

An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more...

Important: prometheus-jmx-exporter security update

Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target. Security Fixes: SnakeYaml: Constructor Deserialization Remote Code Execution CVE-2022-1471 For more details about the security issues, including the impact, a...

DEBIAN-CVE-2022-1471

SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. ...