CVE-2022-1471
Aliases:GHSA-mjmj-j48q-9wg2
Advisory lineage Upstream: 0 Downstream: 17
Modified
Published: 01 Dec 2022, 10:47
Last modified:18 Jun 2025, 08:32
Vulnerability Summary
Overall Risk (default)
high
70/100 CVSS Score
9.8 CRITICAL
v3.1 (nvd)
EPSS Score
93.85% CRITICAL
94% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
3 found
Dark Web
Not detected
Timeline
01 Dec 2022, 10:47
Published
Vulnerability first disclosed
18 Jun 2025, 08:32
Last Modified
Vulnerability information updated
Description
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
CVSS Metrics
- v3.1•HIGH•Score: 8.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
- v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Trends
Current EPSS score: 93.85%• Percentile: 100%
Techniques & Countermeasures
- CWE-20•Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
- CWE-502•Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Affected Systems
- org.yaml•snakeyaml
< 2.0
- snakeyaml_project•snakeyaml
< 2.0
- snakeyaml•snakeyaml
≤ 2.0
References (21)
- https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2
- https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479
- https://github.com/mbechler/marshalsec
- https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true
- https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc
- https://security.netapp.com/advisory/ntap-20230818-0015/
- http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html
- http://www.openwall.com/lists/oss-security/2023/11/19/1
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://infosecwriteups.com/%EF%B8%8F-inside-the-160-comment-fight-to-fix-snakeyamls-rce-default-1a20c5ca4d4c
- https://confluence.atlassian.com/security/cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-1296171009.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-1471
- https://snyk.io/blog/unsafe-deserialization-snakeyaml-java-cve-2022-1471
- https://security.netapp.com/advisory/ntap-20240621-0006
- https://security.netapp.com/advisory/ntap-20230818-0015
- https://bitbucket.org/snakeyaml/snakeyaml/wiki/CVE-2022-1471
- https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314
- https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64634374
- https://bitbucket.org/snakeyaml/snakeyaml/commits/acc44099f5f4af26ff86b4e4e4cc1c874e2dc5c4
- https://bitbucket.org/snakeyaml/snakeyaml/commits/5014df1a36f50aca54405bb8433bc99a8847f758
- https://bitbucket.org/snakeyaml/snakeyaml