Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 19.0.1.Final, 20.0.0.Beta5
Affects Version/s: 19.0.0.Final
Component/s: Management
Labels:
- downstream_dependency

Git Pull Request:
https://github.com/wildfly/wildfly-core/pull/5319, https://github.com/wildfly/wildfly-core/pull/5320

CVE-2022-1471 SnakeYaml: Constructor Deserialization Remote Code Execution

Update the YAML Configuration Extension so that it won't try to deserialize yaml to java classes.

is cloned by

JBEAP-24346 (7.4.z) WFCORE-6169 - Disable YAML deserialization in the YAML Configuration Extension

Closed

Assignee:: Emmanuel Hugonnet

Reporter:: Emmanuel Hugonnet

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2022/12/12 2:59 PM

Updated:: 2023/01/12 8:44 AM

Resolved:: 2022/12/13 12:06 AM