6 matches found
Deserialization of Untrusted Data in apache-submarine
Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...
CVE-2023-46302
Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...
Design/Logic Flaw
Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...
PYSEC-2023-240
Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...
CVE-2023-46302 Apache Submarine: Fix CVE-2022-1471 SnakeYaml unsafe deserialization
Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...
CVE-2023-46302
CVE-2023-46302 affects Apache Submarine (0.7.0–0.8.0 pre-upgrade) where YAML deserialization in the YamlUtils.yaml processing path (SnakeYAML-based) can lead to remote code execution. The issue arises during unmarshalling of YAML requests via JAXRS endpoints using application/yaml content-type; t...