Tag
unsafe-deserialization
Safeguard articles tagged "unsafe-deserialization" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Vulnerability Analysis
Unsafe deserialization in SnakeYAML CVE-2022-1471
CVE-2022-1471 lets attackers achieve RCE via SnakeYAML's unsafe Constructor. Learn affected versions, CVSS/EPSS context, and remediation steps.
May 6, 20267 min read
Vulnerability Analysis
PyYAML full_load unsafe deserialization arbitrary code execution (CVE-2020-14343)
CVE-2020-14343 shows PyYAML's full_load/FullLoader "safe" fix was incomplete, enabling arbitrary code execution. Here's the fix and how to detect exposure.
Dec 30, 20257 min read