{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2022-1471", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "state": "PUBLISHED", "assignerShortName": "Google", "requesterUserId": "ed9b5bb2-2df1-4aa3-9791-5fb260d88e62", "dateReserved": "2022-04-26T08:32:53.188Z", "datePublished": "2022-12-01T10:47:07.203Z", "dateUpdated": "2025-02-13T16:28:51.210Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SnakeYAML", "vendor": "SnakeYAML", "versions": [{"lessThanOrEqual": "2.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization.&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.</span></span><br>"}], "value": "SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization.\u00a0Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond."}], "impacts": [{"capecId": "CAPEC-253", "descriptions": [{"lang": "en", "value": "CAPEC-253 Remote Code Inclusion"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2024-06-21T19:06:07.203Z"}, "references": [{"url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2"}, {"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479"}, {"url": "https://github.com/mbechler/marshalsec"}, {"url": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true"}, {"url": "https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc"}, {"url": "https://security.netapp.com/advisory/ntap-20230818-0015/"}, {"url": "http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html"}, {"url": "http://www.openwall.com/lists/oss-security/2023/11/19/1"}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"}], "source": {"discovery": "UNKNOWN"}, "title": "Remote Code execution in SnakeYAML", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:03:06.269Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", "tags": ["x_transferred"]}, {"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479", "tags": ["x_transferred"]}, {"url": "https://github.com/mbechler/marshalsec", "tags": ["x_transferred"]}, {"url": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true", "tags": ["x_transferred"]}, {"url": "https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230818-0015/", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/11/19/1", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0006/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-07T18:13:22.155371Z", "id": "CVE-2022-1471", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-17T13:52:47.976Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", "tags": ["x_transferred"]}, {"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479", "tags": ["x_transferred"]}, {"url": "https://github.com/mbechler/marshalsec", "tags": ["x_transferred"]}, {"url": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true", "tags": ["x_transferred"]}, {"url": "https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230818-0015/", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/11/19/1", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0006/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:03:06.269Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-1471", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-07T18:13:22.155371Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-17T13:52:43.794Z"}}], "cna": {"title": "Remote Code execution in SnakeYAML", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-253", "descriptions": [{"lang": "en", "value": "CAPEC-253 Remote Code Inclusion"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SnakeYAML", "product": "SnakeYAML", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2"}, {"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479"}, {"url": "https://github.com/mbechler/marshalsec"}, {"url": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true"}, {"url": "https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc"}, {"url": "https://security.netapp.com/advisory/ntap-20230818-0015/"}, {"url": "http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html"}, {"url": "http://www.openwall.com/lists/oss-security/2023/11/19/1"}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization.\u00a0Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.\n", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization.&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.</span></span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2023-04-25T16:48:44.288Z"}}}, "cveMetadata": {"cveId": "CVE-2022-1471", "state": "PUBLISHED", "dateUpdated": "2024-09-17T13:52:47.976Z", "dateReserved": "2022-04-26T08:32:53.188Z", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "datePublished": "2022-12-01T10:47:07.203Z", "requesterUserId": "ed9b5bb2-2df1-4aa3-9791-5fb260d88e62", "assignerShortName": "Google"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:snakeyaml_project:snakeyaml:*:*:*:*:*:*:*:*", "matchCriteriaId": "3598DC3A-DDD1-4A0B-ACDA-406B85A1EA1A", "versionEndExcluding": "2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization.\u00a0Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond."}, {"lang": "es", "value": "La clase Constructor() de SnakeYaml no restringe los tipos de los que se pueden crear instancias durante la deserializaci\u00f3n. La deserializaci\u00f3n del contenido yaml proporcionado por un atacante puede conducir a la ejecuci\u00f3n remota de c\u00f3digo. Recomendamos utilizar SafeConsturctor de SnakeYaml al analizar contenido que no es de confianza para restringir la deserializaci\u00f3n. Recomendamos actualizar a la versi\u00f3n 2.0 y posteriores."}], "id": "CVE-2022-1471", "lastModified": "2025-02-13T17:15:35.627", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "cve-coordination@google.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-01T11:15:10.553", "references": [{"source": "cve-coordination@google.com", "url": "http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html"}, {"source": "cve-coordination@google.com", "url": "http://www.openwall.com/lists/oss-security/2023/11/19/1"}, {"source": "cve-coordination@google.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479"}, {"source": "cve-coordination@google.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2"}, {"source": "cve-coordination@google.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/mbechler/marshalsec"}, {"source": "cve-coordination@google.com", "url": "https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc"}, {"source": "cve-coordination@google.com", "url": "https://security.netapp.com/advisory/ntap-20230818-0015/"}, {"source": "cve-coordination@google.com", "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"}, {"source": "cve-coordination@google.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2023/11/19/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/mbechler/marshalsec"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230818-0015/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true"}], "sourceIdentifier": "cve-coordination@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "cve-coordination@google.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:7697", "cpe": "cpe:/a:redhat:amq_clients:2023_q4", "package": "snakeyaml", "product_name": "AMQ Clients", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:1516", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "impact": "moderate", "package": "snakeyaml", "product_name": "EAP 7.4.10 release", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:3198", "cpe": "cpe:/a:redhat:ocp_tools:4.11::el8", "package": "jenkins-2-plugins-0:4.11.1683009941-1.el8", "product_name": "OpenShift Developer Tools and Services for OCP 4.11", "release_date": "2023-05-17T00:00:00Z"}, {"advisory": "RHSA-2023:6171", "cpe": "cpe:/a:redhat:ocp_tools:4.11::el8", "package": "jenkins-2-plugins-0:4.11.1698299029-1.el8", "product_name": "OpenShift Developer Tools and Services for OCP 4.11", "release_date": "2023-10-30T00:00:00Z"}, {"advisory": "RHSA-2024:0775", "cpe": "cpe:/a:redhat:ocp_tools:4.11::el8", "package": "jenkins-2-plugins-0:4.11.1706516946-1.el8", "product_name": "OpenShift Developer Tools and Services for OCP 4.11", "release_date": "2024-02-12T00:00:00Z"}, {"advisory": "RHSA-2023:5165", "cpe": "cpe:/a:redhat:amq_streams:2", "product_name": "Red Hat AMQ Streams 2.5.0", "release_date": "2023-09-14T00:00:00Z"}, {"advisory": "RHSA-2022:9032", "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "package": "snakeyaml", "product_name": "Red Hat build of Eclipse Vert.x 4.3.4", "release_date": "2022-12-15T00:00:00Z"}, {"advisory": "RHSA-2023:0758", "cpe": "cpe:/a:redhat:quarkus:2.13", "product_name": "Red Hat build of Quarkus", "release_date": "2023-02-14T00:00:00Z"}, {"advisory": "RHSA-2023:1006", "cpe": "cpe:/a:redhat:quarkus:2.7", "impact": "moderate", "package": "snakeyaml", "product_name": "Red Hat build of Quarkus 2.7.7", "release_date": "2023-03-08T00:00:00Z"}, {"advisory": "RHSA-2022:9058", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "prometheus-jmx-exporter-0:0.12.0-9.el8_7", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-12-15T00:00:00Z"}, {"advisory": "RHSA-2025:1746", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHSA-2025:1746", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHSA-2025:1747", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHSA-2025:1747", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHSA-2025:1747", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-02-24T00:00:00Z"}, {"advisory": "RHSA-2023:1513", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "moderate", "package": "eap7-snakeyaml-0:1.33.0-2.SP1_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1514", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "impact": "moderate", "package": "eap7-snakeyaml-0:1.33.0-2.SP1_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1512", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "moderate", "package": "eap7-snakeyaml-0:1.33.0-2.SP1_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:0697", "cpe": "cpe:/a:redhat:openshift:4.10::el8", "package": "jenkins-2-plugins-0:4.10.1675407676-1.el8", "product_name": "Red Hat OpenShift Container Platform 4.10", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0777", "cpe": "cpe:/a:redhat:openshift:4.9::el8", "package": "jenkins-2-plugins-0:4.9.1675668922-1.el8", "product_name": "Red Hat OpenShift Container Platform 4.9", "release_date": "2023-02-23T00:00:00Z"}, {"advisory": "RHSA-2023:2097", "cpe": "cpe:/a:redhat:satellite:6.13::el8", "impact": "moderate", "package": "candlepin-0:4.2.13-1.el8sat", "product_name": "Red Hat Satellite 6.13 for RHEL 8", "release_date": "2023-05-03T00:00:00Z"}, {"advisory": "RHSA-2023:1049", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "package": "snakeyaml", "product_name": "Red Hat Single Sign-On 7", "release_date": "2023-03-01T00:00:00Z"}, {"advisory": "RHSA-2023:1043", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "package": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 7", "release_date": "2023-03-01T00:00:00Z"}, {"advisory": "RHSA-2023:1044", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "package": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 8", "release_date": "2023-03-01T00:00:00Z"}, {"advisory": "RHSA-2023:1045", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "package": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 9", "release_date": "2023-03-01T00:00:00Z"}, {"advisory": "RHSA-2023:4612", "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "package": "snakeyaml", "product_name": "Red Hat support for Spring Boot 2.7.13", "release_date": "2023-08-16T00:00:00Z"}, {"advisory": "RHSA-2024:0325", "cpe": "cpe:/a:redhat:rhosemc:1.0::el7", "package": "openjdk/openjdk-11-rhel7:1.17-1", "product_name": "RHEL-7 based Middleware Containers", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0325", "cpe": "cpe:/a:redhat:rhosemc:1.0::el7", "package": "redhat-openjdk-18/openjdk18-openshift:1.17-1", "product_name": "RHEL-7 based Middleware Containers", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHBA-2023:0030", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "ubi8/openjdk-11:1.14-11", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2023-01-04T00:00:00Z"}, {"advisory": "RHBA-2023:0030", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "ubi8/openjdk-11-runtime:1.14-11", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2023-01-04T00:00:00Z"}, {"advisory": "RHBA-2023:0030", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "ubi8/openjdk-17:1.14-9", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2023-01-04T00:00:00Z"}, {"advisory": "RHBA-2023:0030", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "ubi8/openjdk-17-runtime:1.14-8", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2023-01-04T00:00:00Z"}, {"advisory": "RHBA-2023:0030", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "ubi8/openjdk-8:1.14-12", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2023-01-04T00:00:00Z"}, {"advisory": "RHBA-2023:0030", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "ubi8/openjdk-8-runtime:1.14-10", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2023-01-04T00:00:00Z"}, {"advisory": "RHSA-2023:1047", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "rh-sso-7/sso76-openshift-rhel8:7.6-20", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2023-03-01T00:00:00Z"}, {"advisory": "RHSA-2024:1353", "cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13", "impact": "low", "package": "snakeyaml", "product_name": "RHPAM 7.13.5 async", "release_date": "2024-03-18T00:00:00Z"}], "bugzilla": {"description": "SnakeYaml: Constructor Deserialization Remote Code Execution", "id": "2150009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-20->CWE-1066->CWE-502", "details": ["SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization.\u00a0Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.", "A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE)."], "name": "CVE-2022-1471", "package_state": [{"cpe": "cpe:/a:redhat:a_mq_clients:2", "fix_state": "Affected", "impact": "low", "package_name": "snakeyaml", "product_name": "A-MQ Clients 2"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/elasticsearch6-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:amq_broker:7", "fix_state": "Not affected", "package_name": "snakeyaml", "product_name": "Red Hat AMQ Broker 7"}, {"cpe": "cpe:/a:redhat:amq_online:1", "fix_state": "Not affected", "package_name": "snakeyaml", "product_name": "Red Hat A-MQ Online"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:3", "fix_state": "Affected", "impact": "moderate", "package_name": "snakeyaml", "product_name": "Red Hat build of Apache Camel for Spring Boot 3"}, {"cpe": "cpe:/a:redhat:service_registry:2", "fix_state": "Not affected", "package_name": "snakeyaml", "product_name": "Red Hat build of Apicurio Registry 2"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "snakeyaml", "product_name": "Red Hat build of Debezium 1"}, {"cpe": "cpe:/a:redhat:openjdk:11", "fix_state": "Not affected", "package_name": "snakeyaml", "product_name": "Red Hat build of OpenJDK 11"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Will not fix", "package_name": "snakeyaml", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Affected", "package_name": "snakeyaml", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "snakeyaml", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Will not fix", "impact": "moderate", "package_name": "snakeyaml", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Will not fix", "impact": "moderate", "package_name": "snakeyaml", "product_name": "Red Hat Integration Camel K 1"}, {"cpe": "cpe:/a:redhat:camel_quarkus:2", "fix_state": "Will not fix", "impact": "moderate", "package_name": "snakeyaml", "product_name": "Red Hat Integration Camel Quarkus 1"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Out of support scope", "package_name": "snakeyaml", "product_name": "Red Hat Integration Service Registry"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Out of support scope", "package_name": "snakeyaml", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_data_virtualization:6", "fix_state": "Out of support scope", "package_name": "snakeyaml", "product_name": "Red Hat JBoss Data Virtualization 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "eap6-snakeyaml", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "snakeyaml", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Not affected", "package_name": "snakeyaml", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "snakeyaml", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "package_name": "snakeyaml", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Out of support scope", "package_name": "snakeyaml", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Affected", "package_name": "snakeyaml", "product_name": "Red Hat OpenShift Application Runtimes"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Affected", "package_name": "jenkins-2-plugins", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Affected", "package_name": "openshift3/metrics-cassandra", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Affected", "package_name": "openshift3/metrics-hawkular-metrics", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Affected", "package_name": "openshift3/ose-metrics-cassandra", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Affected", "package_name": "openshift3/ose-metrics-hawkular-metrics", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Affected", "package_name": "devspaces/idea-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Affected", "package_name": "devspaces/udi-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "impact": "moderate", "package_name": "puppetserver", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:amq_streams:1", "fix_state": "Affected", "impact": "moderate", "package_name": "snakeyaml", "product_name": "streams for Apache Kafka"}], "public_date": "2022-10-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-1471\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1471\nhttps://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2"], "statement": "In the Red Hat Process Automation 7 (RHPAM) the untrusted, malicious YAML file for deserialization by the vulnerable Snakeyaml's SafeConstructor class must be provided intentionally by the RHPAM user which requires high privileges. The potential attack complexity is also high because it depends on conditions that are beyond the attacker's control. Due to that the impact for RHPAM is reduced to Low.\nRed Hat Fuse 7 does not expose by default any endpoint that passes incoming data/request into vulnerable Snakeyaml's Constructor class nor pass untrusted data to this class. When this class is used, it\u2019s still only used to parse internal configuration, hence the impact by this vulnerability to Red Hat Fuse 7 is reduced to Moderate.", "threat_severity": "Important"}