{"vulnerability": "ghsa-mjmj-j48q-9wg2", "sightings": [{"uuid": "aa2ba9cc-54e5-461d-af0e-2bfe02013805", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-mjmj-j48q-9wg2", "type": "seen", "source": "https://gist.github.com/safer-bot/e45016e80aca46d7918ba499cafa1af0", "content": "", "creation_timestamp": "2025-07-16T09:57:34.000000Z"}, {"uuid": "ffde26f4-6fa3-4152-bb65-bd5ccc520b02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-mjmj-j48q-9wg2", "type": "seen", "source": "https://gist.github.com/safer-bot/0be0b98675baf83de42e33ed5c8ca55e", "content": "", "creation_timestamp": "2025-07-16T06:34:04.000000Z"}, {"uuid": "81245b7c-f6f1-4dad-bce2-cc84f21e1195", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-mjmj-j48q-9wg2", "type": "seen", "source": "https://gist.github.com/safer-bot/c2216b5d3e2d6726f802333827d83269", "content": "", "creation_timestamp": "2025-07-16T03:26:38.000000Z"}, {"uuid": "577fd787-016e-4d7c-b5d9-f82831c117ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-mjmj-j48q-9wg2", "type": "seen", "source": "https://gist.github.com/safer-bot/f17dd9ec05eaa98cd94e7e32cd52f5f8", "content": "", "creation_timestamp": "2025-07-16T03:58:10.000000Z"}, {"uuid": "abce3762-59a0-4f90-8fe2-1fa2a1baef66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-mjmj-j48q-9wg2", "type": "seen", "source": "https://gist.github.com/safer-bot/3dcff2aa616dcde9ac2ac8aefaa3438b", "content": "", "creation_timestamp": "2025-07-16T05:00:07.000000Z"}, {"uuid": "b9bbf35c-929f-498a-8ad0-f98800389687", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-mjmj-j48q-9wg2", "type": "seen", "source": "https://gist.github.com/safer-bot/aca4e378e46713da0969c1bf326de5be", "content": "", "creation_timestamp": "2025-07-16T11:28:45.000000Z"}, {"uuid": "97591331-d9d4-4628-b9a2-d68608da3e4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-mjmj-j48q-9wg2", "type": "seen", "source": "https://gist.github.com/safer-bot/7df70d9043df79002466ec734c1504f4", "content": "", "creation_timestamp": "2025-07-16T14:57:42.000000Z"}, {"uuid": "20feb225-0044-475e-b7b8-1cb20ec1a231", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-mjmj-j48q-9wg2", "type": "seen", "source": "https://gist.github.com/safer-bot/03f7f0d5931f6af20b42248cd731633a", "content": "", "creation_timestamp": "2025-07-16T15:24:05.000000Z"}, {"uuid": "2535b9f5-0e81-49d4-afa7-cb852b8ee189", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-mjmj-j48q-9wg2", "type": "seen", "source": "https://gist.github.com/safer-bot/315612cf6371bc59c08bf1d8656dc747", "content": "", "creation_timestamp": "2025-07-16T16:06:16.000000Z"}, {"uuid": "b04a04cf-9e4f-4761-b24a-cfc930fd3be4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-mjmj-j48q-9wg2", "type": "seen", "source": "https://gist.github.com/safer-bot/5a6abdd77db71e446fe4eac85870cc78", "content": "", "creation_timestamp": "2025-07-16T16:21:43.000000Z"}, {"uuid": "f069e61d-9709-4b86-a41a-9f9efd40cab4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", 
"vulnerability": "GHSA-mjmj-j48q-9wg2", "type": "seen", "source": "https://gist.github.com/safer-bot/2c549c1f94bce8355084487a9608ea85", "content": "", "creation_timestamp": "2025-07-16T17:20:13.000000Z"}, {"uuid": "45e2f80f-0461-4685-afd0-289267aa1240", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-mjmj-j48q-9wg2", "type": "seen", "source": "https://gist.github.com/jerinisready/f588121fb487feb7edbfe9ee2be11a0e", "content": "", "creation_timestamp": "2025-12-16T12:21:21.000000Z"}, {"uuid": "1f87d2a0-043a-4b5d-bc7b-c953d1e71863", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-MJMJ-J48Q-9WG2", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18694", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-1471\n\ud83d\udd25 CVSS Score: 8.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L)\n\ud83d\udd39 Description: SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization.\u00a0Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConstructor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.\n\ud83d\udccf Published: 2022-12-01T10:47:07.203Z\n\ud83d\udccf Modified: 2025-06-18T08:32:58.546Z\n\ud83d\udd17 References:\n1. https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2\n2. https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479\n3. https://github.com/mbechler/marshalsec\n4. https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true\n5. https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc\n6. 
https://security.netapp.com/advisory/ntap-20230818-0015/\n7. http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html\n8. http://www.openwall.com/lists/oss-security/2023/11/19/1\n9. https://security.netapp.com/advisory/ntap-20240621-0006/\n10. https://infosecwriteups.com/%EF%B8%8F-inside-the-160-comment-fight-to-fix-snakeyamls-rce-default-1a20c5ca4d4c\n11. https://confluence.atlassian.com/security/cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-1296171009.html", "creation_timestamp": "2025-06-18T08:42:18.000000Z"}]}