CVE-2023-24621

Name of the Vulnerable Software and Affected Versions Esoteric YamlBeans versions through 1.15

Description An issue was discovered in Esoteric YamlBeans that allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed.

Recommendations For Esoteric YamlBeans versions through 1.15, consider disabling the deserialisation of untrusted YAML documents until a patch is available. Restrict access to sensitive Java classes to minimize the risk of exploitation. Avoid using untrusted YAML documents in production environments until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.