An issue exists in Esoteric YamlBeans up to and including 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
esotericsoftware yamlbeans |