H1-1807214 — Vulnetix

H1-1807214 PUBLISHED CVSS 6.699999809265137 MEDIUM

The `io.kubernetes.client.util.generic.dynamic.Dynamics` contains a code execution vulnerability due to SnakeYAML

Risk Scores

CVSS 3.1

6.699999809265137

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

Sentinel demo: transitive snakeyaml CVE-2022-1471 via Spring Boot + exploitable code pattern (github-poc-repo)
Sentinel demo: transitive snakeyaml CVE-2022-1471 via Spring Boot + exploitable code pattern (github-poc)
Code for veracode blog (github-poc-repo)
SnakeYAML-CVE-2022-1471-POC (github-poc-repo)
SnakeYAML CVE-2022-1471 exploit payload for demo (github-poc-repo)
attacker (github-poc-repo)
attacker (github-poc)
SnakeYAML CVE-2022-1471 exploit payload for demo (github-poc)
SnakeYAML-CVE-2022-1471-POC (github-poc)
Code for veracode blog (github-poc)

…and 15 more exploits

Timeline

Apr 25, 2023 CVE Published
Apr 25, 2023 PoC Published

References

The `io.kubernetes.client.util.generic.dynamic.Dynamics` contains a code execution vulnerability due to SnakeYAML advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›