An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed.
References
| Link | Resource |
|---|---|
| https://contrastsecurity.com | Third Party Advisory |
| https://github.com/Contrast-Security-OSS/yamlbeans/blob/main/SECURITY.md | Exploit, Third Party Advisory |
| https://github.com/EsotericSoftware | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-08-25T00:00:00
Updated: 2023-08-25T19:49:52.308018
Reserved: 2023-01-30T00:00:00
Link: CVE-2023-24621
NVD Information
Status : Analyzed
Published: 2023-08-25T20:15:07.983
Modified: 2023-08-31T13:07:16.503
Link: CVE-2023-24621
Redhat Information
No data.
CWE