SnakeYAML is vulnerable to remote code execution (RCE). The `Constructor` class deserializes unrestricted types, which leads to remote code execution through classpath injection.
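The following is an added example, not code from the SnakeYAML project or from this advisory, showing untrusted YAML loaded through `SafeConstructor` so that a type tag is rejected instead of instantiated. The class name `SafeYamlLoad`, its method names and both sample documents are constructed for illustration.

```java
import java.util.Map;

import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

// Added example; SafeYamlLoad and its method names are hypothetical.
public class SafeYamlLoad {

    // Constructed samples. TAGGED carries a global type tag naming a harmless JDK class.
    static final String PLAIN = "name: demo\nreplicas: 3\n";
    static final String TAGGED =
            "widget: !!java.lang.StringBuilder [\"constructed sample\"]\n";

    // In affected releases, `new Yaml().load(doc)` uses Constructor, which resolves
    // a global tag to any class on the classpath and instantiates it.
    // SafeConstructor builds only standard YAML types (maps, lists, scalars).
    static Yaml safeYaml() {
        LoaderOptions options = new LoaderOptions();
        return new Yaml(new SafeConstructor(options));
    }

    // Parse untrusted input and insist on a mapping at the top level.
    @SuppressWarnings("unchecked")
    static Map<String, Object> loadUntrusted(String doc) {
        Object root = safeYaml().load(doc);
        if (!(root instanceof Map)) {
            throw new IllegalArgumentException("expected a YAML mapping at the top level");
        }
        return (Map<String, Object>) root;
    }

    public static void main(String[] args) {
        System.out.println("plain  -> " + loadUntrusted(PLAIN));
        try {
            loadUntrusted(TAGGED);
            System.out.println("tagged -> loaded (unexpected with SafeConstructor)");
        } catch (YAMLException e) {
            // SafeConstructor has no constructor registered for the type tag.
            System.out.println("tagged -> rejected: " + e.getClass().getSimpleName());
        }
    }
}
```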
packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html
www.openwall.com/lists/oss-security/2023/11/19/1
bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in
bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479
bitbucket.org/snakeyaml/snakeyaml/issues/564/
bitbucket.org/snakeyaml/snakeyaml/pull-requests/44
github.com/develar/snakeyaml/blob/master/src/main/java/org/yaml/snakeyaml/constructor/Constructor.java#L245-L247
github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2
github.com/mbechler/marshalsec
groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc
security.netapp.com/advisory/ntap-20230818-0015/
www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true
www.javadoc.io/doc/org.yaml/snakeyaml/latest/org/yaml/snakeyaml/LoaderOptions.html