Esoteric YamlBeans Java deserialization via YAML v1.15
CVE-2023-24621 Published on August 25, 2023

An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed.

NVD



Exploit Probability

EPSS: 0.04%
Percentile: 11.54%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.