Vulnerability Details : CVE-2022-1471
Public exploit exists!
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConstructor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
Vulnerability category: Execute code
Products affected by CVE-2022-1471
- cpe:2.3:a:snakeyaml_project:snakeyaml:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-1471
EPSS score: 93.71% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~100% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2022-1471
- PyTorch Model Server Registration and Deserialization RCE
  Disclosure Date: 2023-10-03
  First seen: 2023-10-15
  exploit/multi/http/torchserver_cve_2023_43654
  The PyTorch model server contains multiple vulnerabilities that can be chained together to permit an unauthenticated remote attacker arbitrary Java code execution. The first vulnerability is that the management interface is bound to all IP addresses and not just the loop b
CVSS scores for CVE-2022-1471
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L | 2.8 | 5.5 | Google Inc. | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
9.8 | CRITICAL | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | N/A | N/A | Oracle:CPUOct2023 | |
CWE ids for CVE-2022-1471
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: cve-coordination@google.com (Secondary)
- The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-1471
- https://security.netapp.com/advisory/ntap-20230818-0015/
  CVE-2022-1471 SnakeYAML Vulnerability in NetApp Products | NetApp Product Security
- https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2
  SnakeYaml: Constructor Deserialization Remote Code Execution · Advisory · google/security-research · GitHub (Exploit; Third Party Advisory)
- https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc
  [Kubernetes Java Client] Kubernetes Java client impacted by CVE-2022-1471
- https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true
  (Exploit; Third Party Advisory)
- http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html
  PyTorch Model Server Registration / Deserialization Remote Code Execution ≈ Packet Storm
- http://www.openwall.com/lists/oss-security/2023/11/19/1
  oss-security - CVE-2023-46302: Apache Submarine: Fix CVE-2022-1471 SnakeYaml unsafe deserialization
- https://security.netapp.com/advisory/ntap-20240621-0006/
  February 2024 IBM Cognos Analytics Vulnerabilities in NetApp Products | NetApp Product Security
- https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479
  snakeyaml / snakeyaml / issues / #561 - CVE-2022-1471 (vulnerability in deserialization) — Bitbucket (Issue Tracking; Third Party Advisory)
- https://github.com/mbechler/marshalsec
  GitHub - mbechler/marshalsec (Exploit; Third Party Advisory)