Tag
snakeyaml
Safeguard articles tagged "snakeyaml" — guides, analysis, and best practices for software supply chain and application security.
4 articles
Vulnerability Management
CVE-2022-1471: Inside the SnakeYaml Deserialization RCE
CVE-2022-1471 scored 9.8 CRITICAL under NIST's CVSS calculation — a single YAML tag could hand attackers remote code execution in any Java app parsing untrusted input.
Jul 8, 20265 min read
Vulnerability Analysis
Unsafe deserialization in SnakeYAML CVE-2022-1471
CVE-2022-1471 lets attackers achieve RCE via SnakeYAML's unsafe Constructor. Learn affected versions, CVSS/EPSS context, and remediation steps.
May 6, 20267 min read
Vulnerability Analysis
CVE-2022-1471: Remote code execution in SnakeYAML deseria...
CVE-2022-1471 exposes SnakeYAML deserialization to remote code execution. Here is what is affected, CVSS context, and how to remediate the flaw.
Sep 23, 20257 min read
Vulnerability Analysis
CVE-2017-18640: Denial of service via SnakeYAML alias ent...
CVE-2017-18640 lets attackers crash Java services by abusing SnakeYAML's YAML alias/anchor expansion. Here's what's affected and how to fix it.
Sep 22, 20257 min read