CVE-2022-1471
8.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Summary
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SnakeYAML | SnakeYAML | 0 <= 2.0 | affected |
Weaknesses
- CWE-20: CWE-20 Improper Input Validation
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2
- https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479
- https://github.com/mbechler/marshalsec
- https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true
- https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc
- https://security.netapp.com/advisory/ntap-20230818-0015/
- http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html
- http://www.openwall.com/lists/oss-security/2023/11/19/1
- https://security.netapp.com/advisory/ntap-20240621-0006/
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
References
- https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2
- https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479
- https://github.com/mbechler/marshalsec
- https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true
- https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc
- https://security.netapp.com/advisory/ntap-20230818-0015/
- http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html
- http://www.openwall.com/lists/oss-security/2023/11/19/1
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://infosecwriteups.com/%EF%B8%8F-inside-the-160-comment-fight-to-fix-snakeyamls-rce-default-1a20c5ca4d4c
- https://confluence.atlassian.com/security/cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-1296171009.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.