3 matches found
com.aiwiown:aiwiown-spring-cache (>=1.0.0 <=1.0.2-2.0.1), com.connexta.libera:libera (>=1.0.1 <=1.1.1) +101 more potentially affected by CVE-2020-8441 via org.jyaml:jyaml (=1.3)
org.jyaml:jyaml MAVEN version =1.3 is affected by a known vulnerability. The following packages have a transitive dependency on org.jyaml:jyaml and may be impacted: - com.aiwiown:aiwiown-spring-cache =1.0.0, =1.0.1, =1.0.0, =1.0.1, =0.1.3, =0.1.2, =0.1.2, =0.1.3, =0.1.3, =0.1.2, =0.1.2, =0.1.2,...
CVE-2020-8441
JYaml through 1.3 allows remote code execution during deserialization of a malicious payload through the load function. NOTE: this is a discontinued product...
CVE-2020-8441
CVE-2020-8441 is tied to the JYaml library (up to version 1.3). The issue arises from unsafe deserialization in the library’s load() function, allowing remote code execution when presented with a malicious payload. The description explicitly notes this is a discontinued product, and connected rec...