UBUNTU-CVE-2022-1471

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2022-1471

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-1471.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-1471

Related

CVE-2022-1471

Published

2022-12-01T11:15:00Z

Modified

2024-10-15T14:09:37Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.

References

Affected packages

Ubuntu:Pro:14.04:LTS / snakeyaml

Package

Name: snakeyaml
Purl: pkg:deb/ubuntu/snakeyaml?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.12-2

1.12-2ubuntu0.14.04.1~esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / snakeyaml

Package

Name: snakeyaml
Purl: pkg:deb/ubuntu/snakeyaml?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.12-2

1.12-2ubuntu0.16.04.1~esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / snakeyaml

Package

Name: snakeyaml
Purl: pkg:deb/ubuntu/snakeyaml?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.17-1

1.19-1

1.20-1

1.23-1~18.04

1.23-1+deb10u1build0.18.04.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / snakeyaml

Package

Name: snakeyaml
Purl: pkg:deb/ubuntu/snakeyaml?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.23-1

1.25+ds-2

1.25+ds-2ubuntu0.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / snakeyaml

Package

Name: snakeyaml
Purl: pkg:deb/ubuntu/snakeyaml?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.28-1

1.29-1

1.29-1ubuntu0.22.04.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / snakeyaml

Package

Name: snakeyaml
Purl: pkg:deb/ubuntu/snakeyaml?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.33-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / snakeyaml

Package

Name: snakeyaml
Purl: pkg:deb/ubuntu/snakeyaml?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.33-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}