FKIE_CVE-2022-1471

Vulnerability from fkie_nvd - Published: 2022-12-01 11:15 - Updated: 2025-06-18 09:15
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
References
cve-coordination@google.comhttp://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html
cve-coordination@google.comhttp://www.openwall.com/lists/oss-security/2023/11/19/1
cve-coordination@google.comhttps://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479Issue Tracking, Third Party Advisory
cve-coordination@google.comhttps://confluence.atlassian.com/security/cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-1296171009.html
cve-coordination@google.comhttps://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2Exploit, Third Party Advisory
cve-coordination@google.comhttps://github.com/mbechler/marshalsecExploit, Third Party Advisory
cve-coordination@google.comhttps://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc
cve-coordination@google.comhttps://infosecwriteups.com/%EF%B8%8F-inside-the-160-comment-fight-to-fix-snakeyamls-rce-default-1a20c5ca4d4c
cve-coordination@google.comhttps://security.netapp.com/advisory/ntap-20230818-0015/
cve-coordination@google.comhttps://security.netapp.com/advisory/ntap-20240621-0006/
cve-coordination@google.comhttps://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=trueExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2023/11/19/1
af854a3a-2127-422b-91ae-364da2661108https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/mbechler/marshalsecExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20230818-0015/
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=trueExploit, Third Party Advisory
Impacted products
Vendor Product Version
snakeyaml_project snakeyaml *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:snakeyaml_project:snakeyaml:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3598DC3A-DDD1-4A0B-ACDA-406B85A1EA1A",
              "versionEndExcluding": "2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SnakeYaml\u0027s Constructor() class does not restrict types which can be instantiated during deserialization.\u00a0Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml\u0027s SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond."
    },
    {
      "lang": "es",
      "value": "La clase Constructor() de SnakeYaml no restringe los tipos de los que se pueden crear instancias durante la deserializaci\u00f3n. La deserializaci\u00f3n del contenido yaml proporcionado por un atacante puede conducir a la ejecuci\u00f3n remota de c\u00f3digo. Recomendamos utilizar SafeConsturctor de SnakeYaml al analizar contenido que no es de confianza para restringir la deserializaci\u00f3n. Recomendamos actualizar a la versi\u00f3n 2.0 y posteriores."
    }
  ],
  "id": "CVE-2022-1471",
  "lastModified": "2025-06-18T09:15:47.243",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.5,
        "source": "cve-coordination@google.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-12-01T11:15:10.553",
  "references": [
    {
      "source": "cve-coordination@google.com",
      "url": "http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html"
    },
    {
      "source": "cve-coordination@google.com",
      "url": "http://www.openwall.com/lists/oss-security/2023/11/19/1"
    },
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479"
    },
    {
      "source": "cve-coordination@google.com",
      "url": "https://confluence.atlassian.com/security/cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-1296171009.html"
    },
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2"
    },
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/mbechler/marshalsec"
    },
    {
      "source": "cve-coordination@google.com",
      "url": "https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc"
    },
    {
      "source": "cve-coordination@google.com",
      "url": "https://infosecwriteups.com/%EF%B8%8F-inside-the-160-comment-fight-to-fix-snakeyamls-rce-default-1a20c5ca4d4c"
    },
    {
      "source": "cve-coordination@google.com",
      "url": "https://security.netapp.com/advisory/ntap-20230818-0015/"
    },
    {
      "source": "cve-coordination@google.com",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2023/11/19/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/mbechler/marshalsec"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20230818-0015/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true"
    }
  ],
  "sourceIdentifier": "cve-coordination@google.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "cve-coordination@google.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.