CVE-2021-46364: YAML Deserialization in Magnolia CMS
CVE-2021-46364: YAML Deserialization in Magnolia CMS Magnolia (versions <=623) has a Snake YAML parser which is vulnerable to deserialization attacks that can allow an attacker to call arbitrary Java constructors when importing YAML files Remote Code Execution has been achieved using this vulnerability Vendor Disclosure: The vendor's disclosure and fix for this