{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-24621", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T11:03:18.917Z", "dateReserved": "2023-01-30T00:00:00", "datePublished": "2023-08-25T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-08-25T19:49:52.308018"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/EsotericSoftware"}, {"url": "https://contrastsecurity.com"}, {"url": "https://github.com/Contrast-Security-OSS/yamlbeans/blob/main/SECURITY.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:03:18.917Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/EsotericSoftware", "tags": ["x_transferred"]}, {"url": "https://contrastsecurity.com", "tags": ["x_transferred"]}, {"url": "https://github.com/Contrast-Security-OSS/yamlbeans/blob/main/SECURITY.md", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:esotericsoftware:yamlbeans:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA60B6AE-695A-4791-88C5-576BDEEA4FE4", "versionEndIncluding": "1.15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en YamlBeans de Esoteric a trav\u00e9s de 1.15. Permite la deserializaci\u00f3n no confiable a clases Java de forma predeterminada, donde los datos y la clase son controlados por el autor del documento YAML que se est\u00e1 procesando.\n"}], "id": "CVE-2023-24621", "lastModified": "2023-08-31T13:07:16.503", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-25T20:15:07.983", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://contrastsecurity.com"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Contrast-Security-OSS/yamlbeans/blob/main/SECURITY.md"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/EsotericSoftware"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}