Description
An issue was discovered in Esoteric YamlBeans through 1.15. By default it deserialises untrusted YAML into Java classes, where both the data and the target class are controlled by the author of the YAML document being processed.
Remediation
References
https://github.com/Contrast-Security-OSS/yamlbeans/blob/main/SECURITY.md
https://github.com/EsotericSoftware
https://contrastsecurity.com
Related Vulnerabilities
CVE-2020-36180 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2020-14966 Vulnerability in maven package org.webjars.bower:jsrsasign
CVE-2020-11971 Vulnerability in maven package org.apache.camel:camel-spring
CVE-2023-30531 Vulnerability in maven package org.jenkins-ci.plugins:consul-kv-builder
CVE-2017-16192 Vulnerability in npm package getcityapi.yoehoehne