Lucene search
K

18 matches found

NVD
NVD
added 5 days ago7 views

CVE-2026-44795

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to 2026.1.0, 2026.0.3, 2025.4.4, and 2025.3.3, unsafe YAML processing bypasses safe deserialization when using CloudFormation deployments or CloudFoundry baking. The use of a non-safe constructor allows arbitrary loading...

8.8CVSS0.01001EPSS
Exploits0References4
CVE
CVE
added 5 days ago15 views

CVE-2026-55175

Spinnaker CVE-2026-55175 affects Rosco/Kustomize bake operations where unsafe YAML tag processing in rosco manifests can lead to remote code execution on rosco pods. Affected versions are prior to 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 across release lines; fixes are available in 2026.1.1, 20...

7.5CVSS6.5AI score0.00615EPSS
Exploits0References11
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-55175 Spinnaker: Improper yaml processing on kustomize bake operations

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow unsafe YAML tag processing in rosco manifests. This can lead to remote code execution on rosco pod...

7.5CVSS0.00615EPSS
Exploits0References11
Snyk
Snyk
added 2026/06/22 8:43 p.m.3 views

Deserialization of Untrusted Data

Overview io.spinnaker.orca:orca-clouddriver is a Spinnaker Orca Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the YAML processing. An attacker can execute arbitrary code by supplying crafted YAML input that triggers unsafe class loading during operations...

8.8CVSS6.2AI score0.01001EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 8:43 p.m.3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the YAML processing. An attacker can execute arbitrary code by supplying crafted YAML input that triggers unsafe class loading during operations such as CloudFormation deployments or CloudFoundry...

8.8CVSS6.2AI score0.01001EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 8:43 p.m.3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the YAML processing. An attacker can execute arbitrary code by supplying crafted YAML input that triggers unsafe class loading during operations such as CloudFormation deployments or CloudFoundry...

8.8CVSS6.2AI score0.01001EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.14 views

PT-2026-51444

Name of the Vulnerable Software and Affected Versions Spinnaker versions prior to 2026.1.0 Spinnaker versions prior to 2026.0.3 Spinnaker versions prior to 2025.4.4 Spinnaker versions prior to 2025.3.3 Description Unsafe YAML processing bypasses safe deserialization during CloudFormation...

8.8CVSS6.6AI score0.01001EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.17 views

PT-2026-40906

Name of the Vulnerable Software and Affected Versions Apache Commons versions 2.2 through 2.14.x Description An uncontrolled recursion issue exists when processing untrusted configuration files. Specifically, the software throws a StackOverflowError—a runtime error that occurs when the call stack...

5.3CVSS5.8AI score0.00487EPSS
Exploits0References25
Github Security Blog
Github Security Blog
added 2026/03/19 12:50 p.m.5 views

Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service

Summary dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the library's own UnmarshalYAML implementation, which manually resolves alias nodes by recursively following yaml.Node.Alias pointers without any...

6.2CVSS5.9AI score0.00211EPSS
Exploits1References3Affected Software1
OpenVAS
OpenVAS
added 2025/10/27 12:0 a.m.4 views

Fedora: Security Advisory (FEDORA-2025-568b5b6ddc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.8AI score0.00248EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-0094

Malware in sbrugna...

9.8CVSS9.2AI score0.04422EPSS
Exploits1References6
OSV
OSV
added 2024/01/21 12:0 a.m.13 views

CVE-2024-23730

The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...

9.8CVSS9.7AI score0.01192EPSS
Exploits0References5
PyPA
PyPA
added 2023/11/13 3:15 a.m.7 views

PYSEC-2023-236

Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service DoS condition...

7.5CVSS6.9AI score0.00962EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/04 12:0 a.m.11 views

CVE-2022-31691

Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some...

9.8AI score0.02391EPSS
Exploits0References1
OSV
OSV
added 2020/08/20 8:15 a.m.3 views

DEBIAN-CVE-2020-10289

Use of unsafe yaml load. Allows instantiation of arbitrary objects. The flaw itself is caused by an unsafe parsing of YAML values which happens whenever an action message is processed to be sent, and allows for the creation of Python objects. Through this flaw in the ROS core package of actionlib...

8.8CVSS8.3AI score0.0195EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/07/28 3:54 p.m.6 views

apache-commons-configuration: uncontrolled class instantiation when loading YAML files

A flaw was found in the Apache Commons Configuration, where it uses a third-party library to process YAML files, which by default, allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default...

10CVSS7.5AI score0.06684EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2020/07/23 3:10 p.m.5 views

apache-commons-configuration: uncontrolled class instantiation when loading YAML files

A flaw was found in the Apache Commons Configuration, where it uses a third-party library to process YAML files, which by default, allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default...

10CVSS7.5AI score0.06684EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2017/06/07 4:58 p.m.6 views

Resteasy: Yaml unmarshalling vulnerable to RCE

It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy...

8.1CVSS6.1AI score0.06179EPSS
Exploits0References4
Rows per page
Query Builder