Lucene search
+L

6 matches found

github
github
added 2023/11/20 9:30 a.m.58 views

Deserialization of Untrusted Data in apache-submarine

Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...

9.8CVSS6.7AI score0.01747EPSS
Exploits9References6Affected Software1
nvd
nvd
added 2023/11/20 9:15 a.m.41 views

CVE-2023-46302

Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...

9.8CVSS0.01747EPSS
Exploits9References3
prion
prion
added 2023/11/20 9:15 a.m.47 views

Design/Logic Flaw

Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...

7.5CVSS7.2AI score0.99615EPSS
Exploits9References3Affected Software1
osv
osv
added 2023/11/20 9:15 a.m.54 views

PYSEC-2023-240

Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...

9.8CVSS7.7AI score0.01747EPSS
Exploits9References4
cvelist
cvelist
added 2023/11/20 8:46 a.m.51 views

CVE-2023-46302 Apache Submarine: Fix CVE-2022-1471 SnakeYaml unsafe deserialization

Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...

9.7AI score0.99615EPSS
Exploits9References3
cve
cve
added 2023/11/20 8:46 a.m.104 views

CVE-2023-46302

CVE-2023-46302 affects Apache Submarine (0.7.0–0.8.0 pre-upgrade) where YAML deserialization in the YamlUtils.yaml processing path (SnakeYAML-based) can lead to remote code execution. The issue arises during unmarshalling of YAML requests via JAXRS endpoints using application/yaml content-type; t...

9.8CVSS9.5AI score0.99615EPSS
Exploits9References3Affected Software1
Rows per page
Query Builder