all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Resolving CVE-2022-1471  with the SnakeYAML 2.0 Release

Add to bookmarks
March 3, 2023, 4:03 p.m. | Nova Trauben@veracode.com (Nova Trauben)

Application Security Research, News, and Education Blog www.veracode.com

In October of 2022, a critical flaw was found in the SnakeYAML package, which allowed an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Finally, in February 2023, the SnakeYAML 2.0 release was pushed that resolves this flaw, also referred to as CVE-2022-1471. Let’s break down how this version can help you resolve this critical flaw. 
Exploring Deserialization 
SnakeYAML is a popular Java library to parse YAML (YAML …

code code execution critical critical flaw cve deserialization down february flaw malicious october package release remote code remote code execution version yaml

Visit resource

More from www.veracode.com / Application Security Research, News, and Education Blog

Your Must-Know AI and Cloud-Native AppSec Insights at RSAC 2024 1 week ago | www.veracode.com
application application security appsec catch +16
New in Veracode Fix: Additional Language Support and Batch Fix 1 week, 4 days ago | www.veracode.com
ai-powered batch can customer +14
Enhancing Developer Efficiency With AI-Powered Remediation 1 week, 6 days ago | www.veracode.com
ai-powered code code security copilot +21
Speed vs Security: Striking the Right Balance in Software Development with AI 2 weeks, 5 days ago | www.veracode.com
ai software artificial artificial intelligence balance +15
Veracode Advances Cloud-Native Application Security with Longbow Acquisition 1 month ago | www.veracode.com
acquisition application application security cloud +22
Veracode Customers Shielded from NVD Disruptions 1 month, 1 week ago | www.veracode.com
analysis customers cves database +13
Resolving Simple Cross-Site Scripting Flaws with Veracode Fix 1 month, 1 week ago | www.veracode.com
application blog code cross-site +16
Security Debt: A Growing Threat to Application Security 1 month, 2 weeks ago | www.veracode.com
application application security debt development +17
A Timely Shift: Prioritizing Software Security in the 2024 Digital Landscape 1 month, 3 weeks ago | www.veracode.com
address attack attack surface back +16

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Consultant infrastructure sécurité H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com

SOC Analyst

@ Wix | Tel Aviv, Israel
View on infosec-jobs.com

Information Security Operations Officer

@ International Labour Organization | Geneva, CH, 1200
View on infosec-jobs.com

PMO Cybersécurité H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com

Third Party Risk Management - Consultant

@ KPMG India | Bengaluru, Karnataka, India
View on infosec-jobs.com

Consultant Cyber Sécurité H/F - Strasbourg

@ Hifield | Strasbourg, France
View on infosec-jobs.com
View more jobs