FedSearch
Markus Herhoffer · @d135_1r43
19 followers · 211 posts · Server mastodon.social

Wow. Genau so sollte man als Library-Entwickler mit ernsthaften Sicherheitslücken nicht umgehen. bitbucket.org/snakeyaml/snakey

#SnakeYAML #security

Last updated 2 years ago
Original post

Gerrit Grunwald · @hansolo_
722 followers · 349 posts · Server mastodon.social
Open media

RT @BrianVerm@twitter.com

SnakeYaml, a YAML parser and emitter for Java, has a vulnerability that allows arbitrary code execution. The flaw in its Constructor class doesn't restrict deserialized types. Learn more about this vulnerability: buff.ly/3iQxvqy

🐦🔗: twitter.com/BrianVerm/status/1

#java #SnakeYAML #securityvulnerability

Last updated 2 years ago
Original post

Brian Vermeer · @brianverm
421 followers · 92 posts · Server mastodon.social

SnakeYaml, a YAML parser and emitter for Java, has a vulnerability that allows arbitrary code execution. The flaw in its Constructor class doesn't restrict deserialized types. Learn more about this vulnerability: t.co/iPENynt41h
t.co/3Kbq1IaZM3

#java #SnakeYAML #securityvulnerability

Last updated 2 years ago
Original post