{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52834?format=json","vulnerability_id":"VCID-dmkc-42vj-gbhc","summary":"SnakeYaml Constructor Deserialization Remote Code Execution\n### Summary\nSnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows\nany type to be deserialized given the following line:\n\nnew Yaml(new Constructor(TestDataClass.class)).load(yamlContent);\n\nTypes do not have to match the types of properties in the\ntarget class. A `ConstructorException` is thrown, but only after a malicious\npayload is deserialized.\n\n### Severity\nHigh, lack of type checks during deserialization allows remote code execution.\n\n### Proof of Concept\nExecute `bash run.sh`. The PoC uses Constructor to deserialize a payload\nfor RCE. RCE is demonstrated by using a payload which performs an HTTP request to\nhttp://127.0.0.1:8000.\n\nExample output of successful run of proof of concept:\n\n```\n$ bash run.sh\n\n[+] Downloading snakeyaml if needed\n[+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE\nnc: no process found\n[+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server.\n[+] An exception is expected.\nException:\nCannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0\n in 'string', line 1, column 1:\n    payload: !!javax.script.ScriptEn ... \n    ^\nCan not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager\n in 'string', line 1, column 10:\n    payload: !!javax.script.ScriptEngineManag ... 
\n             ^\n\n\tat org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291)\n\tat org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172)\n\tat org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332)\n\tat org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230)\n\tat org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220)\n\tat org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174)\n\tat org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158)\n\tat org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491)\n\tat org.yaml.snakeyaml.Yaml.load(Yaml.java:416)\n\tat Main.main(Main.java:37)\nCaused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager\n\tat java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167)\n\tat java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171)\n\tat java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81)\n\tat java.base/java.lang.reflect.Field.set(Field.java:780)\n\tat org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44)\n\tat org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286)\n\t... 9 more\n[+] Dumping Received HTTP Request. 
Will not be empty if PoC worked\nGET /proof-of-concept HTTP/1.1\nUser-Agent: Java/11.0.14\nHost: localhost:8000\nAccept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2\nConnection: keep-alive\n```\n\n### Further Analysis\nPotential mitigations include leveraging SnakeYaml's SafeConstructor while parsing untrusted content.\n\nSee https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject.\n\n### Timeline\n**Date reported**: 4/11/2022\n**Date fixed**:  [30/12/2022](https://bitbucket.org/snakeyaml/snakeyaml/pull-requests/44)\n**Date disclosed**: 10/13/2022","aliases":[{"alias":"CVE-2022-1471"},{"alias":"GHSA-mjmj-j48q-9wg2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/80491?format=json","purl":"pkg:maven/org.yaml/snakeyaml@2.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@2.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/197931?format=json","purl":"pkg:maven/org.yaml/snakeyaml@1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-6354-p39b-zbhp"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-e8hu-czv4-yyc5"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/197932?format=json","purl":"pkg:maven/org.yaml/snakeyaml@1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-6354-p39b-zbhp"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-e8hu-czv4-yyc5"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-mm3e-4pej-byed
"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/197933?format=json","purl":"pkg:maven/org.yaml/snakeyaml@1.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-6354-p39b-zbhp"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-e8hu-czv4-yyc5"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/197934?format=json","purl":"pkg:maven/org.yaml/snakeyaml@1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-6354-p39b-zbhp"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-e8hu-czv4-yyc5"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/197935?format=json","purl":"pkg:maven/org.yaml/snakeyaml@1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-6354-p39b-zbhp"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-e8hu-czv4-yyc5"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.8"},{"url":"http://public2.vulnerablecode.io/api/packages/197936?format=json","pu
rl":"pkg:maven/org.yaml/snakeyaml@1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-6354-p39b-zbhp"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-e8hu-czv4-yyc5"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/197937?format=json","purl":"pkg:maven/org.yaml/snakeyaml@1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-6354-p39b-zbhp"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-e8hu-czv4-yyc5"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.10"},{"url":"http://public2.vulnerablecode.io/api/packages/197938?format=json","purl":"pkg:maven/org.yaml/snakeyaml@1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-6354-p39b-zbhp"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-e8hu-czv4-yyc5"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.11"},{"url":"http://public2.vulnerablecode.io/api/packages/197939?format=json","purl":"pkg:maven/org.yaml/snakeyaml@1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-6354-p39b-zbhp"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-e8hu-czv4-yyc5"
},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/197940?format=json","purl":"pkg:maven/org.yaml/snakeyaml@1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-6354-p39b-zbhp"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-e8hu-czv4-yyc5"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.13"},{"url":"http://public2.vulnerablecode.io/api/packages/197941?format=json","purl":"pkg:maven/org.yaml/snakeyaml@1.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-6354-p39b-zbhp"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-e8hu-czv4-yyc5"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.14"},{"url":"http://public2.vulnerablecode.io/api/packages/197942?format=json","purl":"pkg:maven/org.yaml/snakeyaml@1.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-6354-p39b-zbhp"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-e8hu-czv4-yyc5"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyam
l@1.15"},{"url":"http://public2.vulnerablecode.io/api/packages/197943?format=json","purl":"pkg:maven/org.yaml/snakeyaml@1.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-6354-p39b-zbhp"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-e8hu-czv4-yyc5"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.16"},{"url":"http://public2.vulnerablecode.io/api/packages/197944?format=json","purl":"pkg:maven/org.yaml/snakeyaml@1.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-6354-p39b-zbhp"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-e8hu-czv4-yyc5"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.17"},{"url":"http://public2.vulnerablecode.io/api/packages/197945?format=json","purl":"pkg:maven/org.yaml/snakeyaml@1.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-6354-p39b-zbhp"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-e8hu-czv4-yyc5"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.18"},{"url":"http://public2.vulnerablecode.io/api/packages/197946?format=json","purl":"pkg:maven/org.yaml/snakeyaml@1.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-6354-p3
9b-zbhp"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-e8hu-czv4-yyc5"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.19"},{"url":"http://public2.vulnerablecode.io/api/packages/197947?format=json","purl":"pkg:maven/org.yaml/snakeyaml@1.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-6354-p39b-zbhp"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-e8hu-czv4-yyc5"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.20"},{"url":"http://public2.vulnerablecode.io/api/packages/197948?format=json","purl":"pkg:maven/org.yaml/snakeyaml@1.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-6354-p39b-zbhp"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-e8hu-czv4-yyc5"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.21"},{"url":"http://public2.vulnerablecode.io/api/packages/197949?format=json","purl":"pkg:maven/org.yaml/snakeyaml@1.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-6354-p39b-zbhp"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-e8hu-czv4-yyc5"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"
}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.22"},{"url":"http://public2.vulnerablecode.io/api/packages/197950?format=json","purl":"pkg:maven/org.yaml/snakeyaml@1.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-6354-p39b-zbhp"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-e8hu-czv4-yyc5"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.23"},{"url":"http://public2.vulnerablecode.io/api/packages/197951?format=json","purl":"pkg:maven/org.yaml/snakeyaml@1.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-6354-p39b-zbhp"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-e8hu-czv4-yyc5"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.24"},{"url":"http://public2.vulnerablecode.io/api/packages/197952?format=json","purl":"pkg:maven/org.yaml/snakeyaml@1.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-6354-p39b-zbhp"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-e8hu-czv4-yyc5"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.25"},{"url":"http://public2.vulnerablecode.io/api/packages/76440?format=json","purl":"pkg:maven/org.yaml/snakeyaml@1.26","is_vulnerable":true,"affected_by_v
ulnerabilities":[{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-6354-p39b-zbhp"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.26"},{"url":"http://public2.vulnerablecode.io/api/packages/326657?format=json","purl":"pkg:maven/org.yaml/snakeyaml@1.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-6354-p39b-zbhp"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.27"},{"url":"http://public2.vulnerablecode.io/api/packages/326658?format=json","purl":"pkg:maven/org.yaml/snakeyaml@1.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-6354-p39b-zbhp"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.28"},{"url":"http://public2.vulnerablecode.io/api/packages/326659?format=json","purl":"pkg:maven/org.yaml/snakeyaml@1.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-6354-p39b-zbhp"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/or
g.yaml/snakeyaml@1.29"},{"url":"http://public2.vulnerablecode.io/api/packages/326660?format=json","purl":"pkg:maven/org.yaml/snakeyaml@1.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-6354-p39b-zbhp"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.30"},{"url":"http://public2.vulnerablecode.io/api/packages/79975?format=json","purl":"pkg:maven/org.yaml/snakeyaml@1.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.31"},{"url":"http://public2.vulnerablecode.io/api/packages/80178?format=json","purl":"pkg:maven/org.yaml/snakeyaml@1.32","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dmkc-42vj-gbhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.32"},{"url":"http://public2.vulnerablecode.io/api/packages/346222?format=json","purl":"pkg:maven/org.yaml/snakeyaml@1.33","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dmkc-42vj-gbhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.yaml/snakeyaml@1.33"},{"url":"http://public2.vulnerablecode.io/api/packages/96695?format=json","purl":"pkg:rpm/redhat/candlepin@4.2.13-1?arch=el8sat","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cup-9gdn-yyhk"},{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-6354-p39b-zbhp"},{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID
-j986-mtma-b3bw"},{"vulnerability":"VCID-mbst-3bec-ykcq"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-qub7-qp14-uqcg"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/candlepin@4.2.13-1%3Farch=el8sat"},{"url":"http://public2.vulnerablecode.io/api/packages/97433?format=json","purl":"pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-2.redhat_00004.1?arch=el7eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8977-tjss-w7ba"},{"vulnerability":"VCID-9bk7-2rsc-nbd6"},{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-j986-mtma-b3bw"},{"vulnerability":"VCID-jstt-6zs3-ybew"},{"vulnerability":"VCID-jwav-88m7-6fhz"},{"vulnerability":"VCID-netd-rr9e-wbg5"},{"vulnerability":"VCID-qruf-r6dc-3ugj"},{"vulnerability":"VCID-turp-dju7-c7fx"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-wp9q-eurd-43dx"},{"vulnerability":"VCID-xzs8-rbhd-mkbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-2.redhat_00004.1%3Farch=el7eap"},{"url":"http://public2.vulnerablecode.io/api/packages/97441?format=json","purl":"pkg:rpm/redhat/eap7-resteasy@3.0.27-1.Final_redhat_00001.1.ep7?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qfd-jjh1-d3fx"},{"vulnerability":"VCID-8977-tjss-w7ba"},{"vulnerability":"VCID-9bk7-2rsc-nbd6"},{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-bydt-bkf4-rbh2"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-j986-mtma-b3bw"},{"vulnerability":"VCID-jvp6-892x-nkc7"},{"vulnerability":"VCID-jwav-88m7-6fhz"},{"vulnerability":"VCID-netd-rr9e-wbg5"},{"vulnerability":"VCID-q6t7-9mjk-7fdd"},{"vulnerability":"VCID-qruf-r6dc-3ugj"},{"vulnerability":"VCID-ruae-hqdg-m7ek"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-wdgx-34uc-2
qa4"},{"vulnerability":"VCID-wp9q-eurd-43dx"},{"vulnerability":"VCID-xnyb-nuwm-pkdr"},{"vulnerability":"VCID-xzs8-rbhd-mkbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-resteasy@3.0.27-1.Final_redhat_00001.1.ep7%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/97431?format=json","purl":"pkg:rpm/redhat/eap7-resteasy@3.11.6-1.Final_redhat_00001.1?arch=el7eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8977-tjss-w7ba"},{"vulnerability":"VCID-9bk7-2rsc-nbd6"},{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-j986-mtma-b3bw"},{"vulnerability":"VCID-jstt-6zs3-ybew"},{"vulnerability":"VCID-jwav-88m7-6fhz"},{"vulnerability":"VCID-netd-rr9e-wbg5"},{"vulnerability":"VCID-qruf-r6dc-3ugj"},{"vulnerability":"VCID-turp-dju7-c7fx"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-wp9q-eurd-43dx"},{"vulnerability":"VCID-xzs8-rbhd-mkbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-resteasy@3.11.6-1.Final_redhat_00001.1%3Farch=el7eap"},{"url":"http://public2.vulnerablecode.io/api/packages/97440?format=json","purl":"pkg:rpm/redhat/eap7-snakeyaml@1.33.0-1.SP1_redhat_00001.1?arch=el7eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8977-tjss-w7ba"},{"vulnerability":"VCID-9bk7-2rsc-nbd6"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-j986-mtma-b3bw"},{"vulnerability":"VCID-jstt-6zs3-ybew"},{"vulnerability":"VCID-jwav-88m7-6fhz"},{"vulnerability":"VCID-netd-rr9e-wbg5"},{"vulnerability":"VCID-qruf-r6dc-3ugj"},{"vulnerability":"VCID-turp-dju7-c7fx"},{"vulnerability":"VCID-xzs8-rbhd-mkbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-snakeyaml@1.33.0-1.SP1_redhat_00001.1%3Farch=el7eap"},{"url":"http://public2.vulnerablecode.io/api/packages/97447?format=json","purl":"pkg:rpm/redhat/eap7-snakeyaml@1.33.0-1.SP1_redhat_00001.1.ep7?
arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8977-tjss-w7ba"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-j986-mtma-b3bw"},{"vulnerability":"VCID-jwav-88m7-6fhz"},{"vulnerability":"VCID-netd-rr9e-wbg5"},{"vulnerability":"VCID-qruf-r6dc-3ugj"},{"vulnerability":"VCID-wp9q-eurd-43dx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-snakeyaml@1.33.0-1.SP1_redhat_00001.1.ep7%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/97348?format=json","purl":"pkg:rpm/redhat/eap7-snakeyaml@1.33.0-2.SP1_redhat_00001.1?arch=el9eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4s4f-emvn-9bhh"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-knw5-d2nn-vyhq"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-snakeyaml@1.33.0-2.SP1_redhat_00001.1%3Farch=el9eap"},{"url":"http://public2.vulnerablecode.io/api/packages/97328?format=json","purl":"pkg:rpm/redhat/eap7-snakeyaml@1.33.0-2.SP1_redhat_00001.1?arch=el7eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4s4f-emvn-9bhh"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-knw5-d2nn-vyhq"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-snakeyaml@1.33.0-2.SP1_redhat_00001.1%3Farch=el7eap"},{"url":"http://public2.vulnerablecode.io/api/packages/97308?format=json","purl":"pkg:rpm/redhat/eap7-snakeyaml@1.33.0-2.SP1_redhat_00001.1?arch=el8eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4s4f-emvn-9bhh"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-fb8u-g65k-hffs"},{"vulnerability":"VCID-knw5-d2nn-vyhq"},{"vulnerability":"VCID-sqsn-ygsg-yfdu"}],"resource_url":"http://public2.vulnerablecode
.io/packages/pkg:rpm/redhat/eap7-snakeyaml@1.33.0-2.SP1_redhat_00001.1%3Farch=el8eap"},{"url":"http://public2.vulnerablecode.io/api/packages/97536?format=json","purl":"pkg:rpm/redhat/jenkins-2-plugins@4.9.1675668922-1?arch=el8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13zs-2sn8-3yey"},{"vulnerability":"VCID-1tha-u7dt-tfc9"},{"vulnerability":"VCID-2zhb-qfhq-xkdp"},{"vulnerability":"VCID-4qvq-xv22-xbed"},{"vulnerability":"VCID-5jjh-qcnz-mye7"},{"vulnerability":"VCID-73th-g3mx-dqf1"},{"vulnerability":"VCID-892e-957y-4yc8"},{"vulnerability":"VCID-9h4k-xjx5-afc8"},{"vulnerability":"VCID-atqg-nfz6-zyfs"},{"vulnerability":"VCID-ca7m-fb38-kfe2"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-fzvq-dpvh-v7eu"},{"vulnerability":"VCID-gxu6-51zm-sfh7"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-n5vc-ggjg-kfc1"},{"vulnerability":"VCID-netd-rr9e-wbg5"},{"vulnerability":"VCID-pnge-tumu-v7e2"},{"vulnerability":"VCID-pwtj-az3g-zka3"},{"vulnerability":"VCID-rs56-6qvx-vucg"},{"vulnerability":"VCID-rxtr-936k-h3cc"},{"vulnerability":"VCID-s839-rpta-6bej"},{"vulnerability":"VCID-tx8n-nmhx-gqg1"},{"vulnerability":"VCID-ubq1-gzr6-x3fu"},{"vulnerability":"VCID-xq5k-dyk9-u3ct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.9.1675668922-1%3Farch=el8"},{"url":"http://public2.vulnerablecode.io/api/packages/97697?format=json","purl":"pkg:rpm/redhat/jenkins-2-plugins@4.10.1675407676-1?arch=el8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dmkc-42vj-gbhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.10.1675407676-1%3Farch=el8"},{"url":"http://public2.vulnerablecode.io/api/packages/97035?format=json","purl":"pkg:rpm/redhat/jenkins-2-plugins@4.11.1683009941-1?arch=el8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tha-u7dt-tfc9"},{"vulnerability":"VCID-2zhb-qfhq-xkdp"},{"vulne
rability":"VCID-4qvq-xv22-xbed"},{"vulnerability":"VCID-5bu5-5b6n-nuft"},{"vulnerability":"VCID-73th-g3mx-dqf1"},{"vulnerability":"VCID-atqg-nfz6-zyfs"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-j584-bgww-z7fw"},{"vulnerability":"VCID-j986-mtma-b3bw"},{"vulnerability":"VCID-m3g5-ua28-afd2"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-n5vc-ggjg-kfc1"},{"vulnerability":"VCID-netd-rr9e-wbg5"},{"vulnerability":"VCID-pnge-tumu-v7e2"},{"vulnerability":"VCID-quvj-3tpk-qug1"},{"vulnerability":"VCID-rxtr-936k-h3cc"},{"vulnerability":"VCID-s839-rpta-6bej"},{"vulnerability":"VCID-tx8n-nmhx-gqg1"},{"vulnerability":"VCID-xq5k-dyk9-u3ct"},{"vulnerability":"VCID-zxcj-h6nx-m7gq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.11.1683009941-1%3Farch=el8"},{"url":"http://public2.vulnerablecode.io/api/packages/95242?format=json","purl":"pkg:rpm/redhat/jenkins-2-plugins@4.11.1698299029-1?arch=el8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bu5-5b6n-nuft"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-h7qt-3g1f-5ffr"},{"vulnerability":"VCID-j584-bgww-z7fw"},{"vulnerability":"VCID-j986-mtma-b3bw"},{"vulnerability":"VCID-quvj-3tpk-qug1"},{"vulnerability":"VCID-zxcj-h6nx-m7gq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.11.1698299029-1%3Farch=el8"},{"url":"http://public2.vulnerablecode.io/api/packages/95803?format=json","purl":"pkg:rpm/redhat/jenkins-2-plugins@4.11.1706516946-1?arch=el8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bu5-5b6n-nuft"},{"vulnerability":"VCID-955x-hg4a-5kc3"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-j584-bgww-z7fw"},{"vulnerability":"VCID-j986-mtma-b3bw"},{"vulnerability":"VCID-quvj-3tpk-qug1"},{"vulnerability":"VCID-zxcj-h6nx-m7gq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4
.11.1706516946-1%3Farch=el8"},{"url":"http://public2.vulnerablecode.io/api/packages/97696?format=json","purl":"pkg:rpm/redhat/prometheus-jmx-exporter@0.12.0-9?arch=el8_7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dmkc-42vj-gbhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/prometheus-jmx-exporter@0.12.0-9%3Farch=el8_7"},{"url":"http://public2.vulnerablecode.io/api/packages/96972?format=json","purl":"pkg:rpm/redhat/rh-sso7-keycloak@18.0.6-1.redhat_00001.1?arch=el9sso","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3s9f-prpy-hbcx"},{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-4v1f-kt5y-w7d1"},{"vulnerability":"VCID-5618-53yg-8qh4"},{"vulnerability":"VCID-6354-p39b-zbhp"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-cvxp-ctj9-guej"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-ebn8-cjqs-k3ad"},{"vulnerability":"VCID-gp47-t3vm-57an"},{"vulnerability":"VCID-hbwg-ebvx-k7e1"},{"vulnerability":"VCID-kexn-gjxj-uudm"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-myp4-24sf-9yfv"},{"vulnerability":"VCID-netd-rr9e-wbg5"},{"vulnerability":"VCID-ptd4-8f7f-hyg6"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-sqx4-euc2-myew"},{"vulnerability":"VCID-turp-dju7-c7fx"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-vfsr-kypp-wbea"},{"vulnerability":"VCID-wp9q-eurd-43dx"},{"vulnerability":"VCID-xy58-u3se-wfdb"},{"vulnerability":"VCID-xzs8-rbhd-mkbp"},{"vulnerability":"VCID-y1np-kma2-ayfn"},{"vulnerability":"VCID-y3ey-aab7-q3fk"},{"vulnerability":"VCID-y8up-mkx2-abcn"},{"vulnerability":"VCID-y9aa-2a31-ufa7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-keycloak@18.0.6-1.redhat_00001.1%3Farch=el9sso"},{"url":"http://public2.vulnerablecode.io/a
pi/packages/96971?format=json","purl":"pkg:rpm/redhat/rh-sso7-keycloak@18.0.6-1.redhat_00001.1?arch=el8sso","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3s9f-prpy-hbcx"},{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-4v1f-kt5y-w7d1"},{"vulnerability":"VCID-5618-53yg-8qh4"},{"vulnerability":"VCID-6354-p39b-zbhp"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-cvxp-ctj9-guej"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-ebn8-cjqs-k3ad"},{"vulnerability":"VCID-gp47-t3vm-57an"},{"vulnerability":"VCID-hbwg-ebvx-k7e1"},{"vulnerability":"VCID-kexn-gjxj-uudm"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-myp4-24sf-9yfv"},{"vulnerability":"VCID-netd-rr9e-wbg5"},{"vulnerability":"VCID-ptd4-8f7f-hyg6"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-sqx4-euc2-myew"},{"vulnerability":"VCID-turp-dju7-c7fx"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-vfsr-kypp-wbea"},{"vulnerability":"VCID-wp9q-eurd-43dx"},{"vulnerability":"VCID-xy58-u3se-wfdb"},{"vulnerability":"VCID-xzs8-rbhd-mkbp"},{"vulnerability":"VCID-y1np-kma2-ayfn"},{"vulnerability":"VCID-y3ey-aab7-q3fk"},{"vulnerability":"VCID-y8up-mkx2-abcn"},{"vulnerability":"VCID-y9aa-2a31-ufa7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-keycloak@18.0.6-1.redhat_00001.1%3Farch=el8sso"},{"url":"http://public2.vulnerablecode.io/api/packages/96973?format=json","purl":"pkg:rpm/redhat/rh-sso7-keycloak@18.0.6-1.redhat_00001.1?arch=el7sso","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3s9f-prpy-hbcx"},{"vulnerability":"VCID-4nu3-fknt-puej"},{"vulnerability":"VCID-4v1f-kt5y-w7d1"},{"vulnerability":"VCID-5618-53yg-8qh4"},{"vulnerability":"VCID-6354-p39b-zbhp"},{"vulnerability":"VCID-7j7q
-m1zp-zfac"},{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-cvxp-ctj9-guej"},{"vulnerability":"VCID-dmkc-42vj-gbhc"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-ebn8-cjqs-k3ad"},{"vulnerability":"VCID-gp47-t3vm-57an"},{"vulnerability":"VCID-hbwg-ebvx-k7e1"},{"vulnerability":"VCID-kexn-gjxj-uudm"},{"vulnerability":"VCID-mm3e-4pej-byed"},{"vulnerability":"VCID-myp4-24sf-9yfv"},{"vulnerability":"VCID-netd-rr9e-wbg5"},{"vulnerability":"VCID-ptd4-8f7f-hyg6"},{"vulnerability":"VCID-qxfs-sq38-jfad"},{"vulnerability":"VCID-sqx4-euc2-myew"},{"vulnerability":"VCID-turp-dju7-c7fx"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-vfsr-kypp-wbea"},{"vulnerability":"VCID-wp9q-eurd-43dx"},{"vulnerability":"VCID-xy58-u3se-wfdb"},{"vulnerability":"VCID-xzs8-rbhd-mkbp"},{"vulnerability":"VCID-y1np-kma2-ayfn"},{"vulnerability":"VCID-y3ey-aab7-q3fk"},{"vulnerability":"VCID-y8up-mkx2-abcn"},{"vulnerability":"VCID-y9aa-2a31-ufa7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-keycloak@18.0.6-1.redhat_00001.1%3Farch=el7sso"}],"references":[{"reference_url":"http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/"}],"url":"http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1471.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"h
ttps://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1471.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1471","reference_id":"","reference_type":"","scores":[{"value":"0.93796","scoring_system":"epss","scoring_elements":"0.99862","published_at":"2026-05-12T12:55:00Z"},{"value":"0.93796","scoring_system":"epss","scoring_elements":"0.99863","published_at":"2026-05-15T12:55:00Z"},{"value":"0.93849","scoring_system":"epss","scoring_elements":"0.99865","published_at":"2026-04-02T12:55:00Z"},{"value":"0.93849","scoring_system":"epss","scoring_elements":"0.99864","published_at":"2026-04-01T12:55:00Z"},{"value":"0.93849","scoring_system":"epss","scoring_elements":"0.99868","published_at":"2026-04-26T12:55:00Z"},{"value":"0.93849","scoring_system":"epss","scoring_elements":"0.99867","published_at":"2026-04-24T12:55:00Z"},{"value":"0.93849","scoring_system":"epss","scoring_elements":"0.99866","published_at":"2026-04-12T12:55:00Z"},{"value":"0.94088","scoring_system":"epss","scoring_elements":"0.99907","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1471"},{"reference_url":"https://bitbucket.org/snakeyaml/snakeyaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bitbucket.org/snakeyaml/snakeyaml"},{"reference_url":"https://bitbucket.org/snakeyaml/snakeyaml/commits/5014df1a36f50aca54405bb8433bc99a8847f758","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bitbucket.org/snakeyaml/snakeyaml/commits/5014df1a36f50aca54405bb8433bc99a8847f758"},{"reference_url":"https://bitbucket.org/snakeyaml/snakeyaml/commits
/acc44099f5f4af26ff86b4e4e4cc1c874e2dc5c4","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bitbucket.org/snakeyaml/snakeyaml/commits/acc44099f5f4af26ff86b4e4e4cc1c874e2dc5c4"},{"reference_url":"https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/"}],"url":"https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479"},{"reference_url":"https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64634374","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64634374"},{"reference_url":"https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314"},{"reference_url":"https://bitbucket.org/snakeyaml/snakeyaml/wiki/CVE-2022-1471","reference_id":"","reference_type"
:"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bitbucket.org/snakeyaml/snakeyaml/wiki/CVE-2022-1471"},{"reference_url":"https://confluence.atlassian.com/security/cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-1296171009.html","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/"}],"url":"https://confluence.atlassian.com/security/cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-1296171009.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/"}],"url":"https://github.com/google/secu
rity-research/security/advisories/GHSA-mjmj-j48q-9wg2"},{"reference_url":"https://github.com/mbechler/marshalsec","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/"}],"url":"https://github.com/mbechler/marshalsec"},{"reference_url":"https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/"}],"url":"https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc"},{"reference_url":"https://infosecwriteups.com/%EF%B8%8F-inside-the-160-comment-fight-to-fix-snakeyamls-rce-default-1a20c5ca4d4c","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/"}],"url":"https://infosecwriteups.com/%EF%B8%8F-inside-the-160-comment-fight-to-fix-snakeyamls-rce-default-1a20c5ca4d4c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1471","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1471"},{"r
eference_url":"https://security.netapp.com/advisory/ntap-20230818-0015","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230818-0015"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240621-0006","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240621-0006"},{"reference_url":"https://snyk.io/blog/unsafe-deserialization-snakeyaml-java-cve-2022-1471","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/blog/unsafe-deserialization-snakeyaml-java-cve-2022-1471"},{"reference_url":"https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/"}],"url":"https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/19/1","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"v
alue":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/11/19/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2150009","reference_id":"2150009","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2150009"},{"reference_url":"https://github.com/advisories/GHSA-mjmj-j48q-9wg2","reference_id":"GHSA-mjmj-j48q-9wg2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mjmj-j48q-9wg2"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230818-0015/","reference_id":"ntap-20230818-0015","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-07T18:13:22Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230818-0015/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9032","reference_id":"RHSA-2022:9032","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9032"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9058","reference_id":"RHSA-2022:9058","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9058"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0697","reference_id":"RHSA-2023:0697","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0697"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0758","reference_id":"RHSA-2023:0758","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0758"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0777","reference_id":"RHSA-2023:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errat
a/RHSA-2023:0777"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1006","reference_id":"RHSA-2023:1006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2097","reference_id":"RHSA-2023:2097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3198","reference_id":"RHSA-2023:3198","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3198"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5165","reference_id":"RHSA-2023:5165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6171","reference_id":"RHSA-2023:6171","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6171"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7697","reference_id":"RHSA-2023:7697","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7697"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0325","reference_id":"RHSA-2024:0325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0775","reference_id":"RHSA-2024:0775","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1746","reference_id":"RHSA-2025:1746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1747","reference_id":"RHSA-2025:1747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1747"}],"weaknesses":[{"cwe_id":20,"name":"Improper Input Validation","description":"The product receives 
input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly."},{"cwe_id":502,"name":"Deserialization of Untrusted Data","description":"The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[{"date_added":null,"description":"The PyTorch model server contains multiple vulnerabilities that can be chained together to permit an\n        unauthenticated remote attacker arbitrary Java code execution. The first vulnerability is that the management\n        interface is bound to all IP addresses and not just the loop back interface as the documentation suggests. The\n        second vulnerability (CVE-2023-43654) allows attackers with access to the management interface to register MAR\n        model files from arbitrary servers. 
The third vulnerability is that when an MAR file is loaded, it can contain a\n        YAML configuration file that when deserialized by snakeyaml, can lead to loading an arbitrary Java class.","required_action":null,"due_date":null,"notes":"Stability:\n  - crash-safe\nSideEffects:\n  - ioc-in-logs\nReliability:\n  - repeatable-session\n","known_ransomware_campaign_use":false,"source_date_published":"2023-10-03","exploit_type":null,"platform":"Java","source_date_updated":null,"data_source":"Metasploit","source_url":"https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/http/torchserver_cve_2023_43654.rb"}],"severity_range_score":"7.0 - 9.8","exploitability":"2.0","weighted_severity":"8.8","risk_score":10.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dmkc-42vj-gbhc"}