CVE-2022-1471 — SnakeYAML Deserialization RCE

Overview

Package: org.yaml:snakeyaml

Impact: Remote code execution via unsafe YAML deserialization

Fix: Update to SnakeYAML v2.0+

Year: 2022

CVSS: 9.8

Severity: Critical

Affected Components

Location

* src/main/java/org/yaml/snakeyaml/constructor/Constructor.java

* protected Class<?> getClassForNode(Node node)
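The affected method resolves a class name carried in a YAML tag to a Java class. The following added example (not code from the SnakeYAML project or from this advisory) loads untrusted input through `SafeConstructor`, which builds only standard YAML types; the class `SafeYamlLoad`, the helper `loadUntrusted` and the tag `com.example.AppConfig` are hypothetical names, and the sample documents are constructed. It assumes SnakeYAML 2.0+ on the classpath.

```java
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

public class SafeYamlLoad {

    // Hypothetical helper: parse untrusted YAML into plain maps, lists and
    // scalars only. SafeConstructor does not map class-name tags to Java
    // classes, so a document cannot choose which type gets instantiated.
    static Object loadUntrusted(String text) {
        Yaml yaml = new Yaml(new SafeConstructor(new LoaderOptions()));
        return yaml.load(text);
    }

    public static void main(String[] args) {
        // Constructed sample: ordinary configuration data.
        String plain = "service: billing\nreplicas: 3\n";
        System.out.println("plain  -> " + loadUntrusted(plain));

        // Constructed sample: a global tag naming a (hypothetical) class.
        // The safe loader must refuse it instead of building an object.
        String tagged = "!!com.example.AppConfig {name: demo}\n";
        try {
            Object result = loadUntrusted(tagged);
            System.out.println("tagged -> UNEXPECTED object: " + result);
        } catch (YAMLException e) {
            System.out.println("tagged -> rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

A rejection of the tagged document is the behaviour to assert in a regression test for any code path that parses YAML from outside the trust boundary.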