The vulnerability of SnakeYAML library for serialization and deserialization of YAML documents is related to
recovery of an invalid data structure in memory. Exploitation of the vulnerability could allow
an attacker acting remotely to execute arbitrary code

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64snakeyaml<= 2.2-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
redos	7.3	x86_64	snakeyaml	<= 2.2-1	UNKNOWN

f5 1

cgr 1

hackerone 1

atlassian 3

oraclelinux 1

ibm 49

nessus 25

cve 2

osv 7

nvd 2

almalinux 1

veracode 1

redhat 29

redhatcve 1

prion 2

github 2

githubexploit 1

ubuntucve 1

cvelist 2

debiancve 1

rocky 2

metasploit 1

zdt 1

packetstorm 1

thn 2

rapid7blog 1

hivepro 1

qualysblog 5

oracle 5

K000132638 : SnakeYAML vulnerability CVE-2022-1471

2023-02-16 00:00:00

cgr

CVE-2022-1471 vulnerabilities

2024-04-30 09:06:13

hackerone

Kubernetes: The `io.kubernetes.client.util.generic.dynamic.Dynamics` contains a code execution vulnerability due to SnakeYAML

2022-12-15 19:07:04

atlassian

RCE (Remote Code Execution) in - CVE-2022-1471

2023-10-08 08:44:33

RCE (Remote Code Execution) in Confluence Data Center and Server - CVE-2022-1471

2023-09-11 21:13:51

RCE (Remote Code Execution) in Bitbucket Data Center and Server - CVE-2022-1471

2023-09-19 20:41:22

oraclelinux

prometheus-jmx-exporter security update

2022-12-15 00:00:00

ibm

Security Bulletin: IBM Db2 Web Query for i is vulnerable to arbitrary code execution due to SnakeYaml [CVE-2022-1471]

2023-07-19 20:29:29

Security Bulletin: There is a security vulnerability in snakeYAML used by IBM Maximo Data Loader (CVE-2022-1471)

2023-03-29 09:34:44

Security Bulletin: Deserialization vulnerability affect IBM Business Automation Workflow BPM Event Emitters - CVE-2022-1471

2023-05-12 10:44:12

nessus

Rocky Linux 8 : prometheus-jmx-exporter (RLSA-2022:9058)

2023-01-30 00:00:00

Atlassian Bitbucket < 7.21.16 / 8.8.7 / 8.9.4 / 8.10.3 / 8.11.3 / 8.12.2 RCE

2023-12-19 00:00:00

Atlassian Confluence 6.13.x < 7.13.18 / 7.14.x < 7.19.10 / 7.20.x < 8.3.1 (CONFSERVER-91463)

2023-12-13 00:00:00

cve

CVE-2022-1471

2022-12-01 11:15:10

CVE-2023-46302

2023-11-20 09:15:07

osv

Important: prometheus-jmx-exporter security update

2022-12-15 15:08:09

Important: prometheus-jmx-exporter security update

2022-12-15 00:00:00

SnakeYaml Constructor Deserialization Remote Code Execution

2022-12-12 21:19:47

nvd

CVE-2022-1471

2022-12-01 11:15:10

CVE-2023-46302

2023-11-20 09:15:07

almalinux

Important: prometheus-jmx-exporter security update

2022-12-15 00:00:00

veracode

Remote Code Execution (RCE)

2022-12-02 17:22:00

redhat

(RHSA-2022:9058) Important: prometheus-jmx-exporter security update

2022-12-15 15:08:09

(RHSA-2023:0697) Important: OpenShift Container Platform 4.10.52 security update

2023-02-15 15:39:07

(RHSA-2022:9032) Important: Red Hat build of Eclipse Vert.x 4.3.4 security update

2022-12-15 12:38:08

redhatcve

CVE-2022-1471

2022-12-01 15:56:23

prion

Deserialization of untrusted data

2022-12-01 11:15:00

Design/Logic Flaw

2023-11-20 09:15:00

github

SnakeYaml Constructor Deserialization Remote Code Execution

2022-12-12 21:19:47

Deserialization of Untrusted Data in apache-submarine

2023-11-20 09:30:31

githubexploit

Exploit for Deserialization of Untrusted Data in Snakeyaml Project Snakeyaml

2023-03-02 16:33:02

ubuntucve

CVE-2022-1471

2022-12-01 00:00:00

cvelist

CVE-2022-1471 Remote Code execution in SnakeYAML

2022-12-01 10:47:07

CVE-2023-46302 Apache Submarine: Fix CVE-2022-1471 SnakeYaml unsafe deserialization

2023-11-20 08:46:56

debiancve

CVE-2022-1471

2022-12-01 11:15:10

rocky

prometheus-jmx-exporter security update

2022-12-15 15:08:09

Satellite 6.13 Release

2023-05-05 15:39:58

metasploit

PyTorch Model Server Registration and Deserialization RCE

2023-10-12 13:27:26

zdt

PyTorch Model Server Registration / Deserialization Remote Code Execution Exploit

2023-10-15 00:00:00

packetstorm

PyTorch Model Server Registration / Deserialization Remote Code Execution

2023-10-13 00:00:00

thn

Warning: PyTorch Models Vulnerable to Remote Code Execution via ShellTorch

2023-10-03 16:24:00

Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution

2023-12-06 09:18:00

rapid7blog

Metasploit Weekly Wrap-Up

2023-10-13 17:03:36

hivepro

Atlassian Addresses Critical RCE Flaws

2023-12-07 12:45:52

qualysblog

Oracle Patch Update, April 2024 Security Update Review

2024-04-17 14:39:59

Oracle Patch Update, January 2024 Security Update Review

2024-01-17 15:29:33

Oracle Patch Tuesday April 2023 Security Update Review

2023-04-19 11:47:21

oracle

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

Oracle Critical Patch Update Advisory - January 2024

2024-01-16 00:00:00

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.8%

JSON

Related for ROS-20240514-03