GreyNoise Labs - Panic!! At the YAML An overview of SnakeYAML deserialiation vulnerabilities (CVE-2022-1471) - how it works, why it works, and what it affects

Before the break, I started looking at CVE-2022-1471 in Confluence et al, which led me learn about SnakeYAML deserialization. It was quite the ride, full of open source drama and related vulns. I wrote it all up in this blog post!

#vuln #vulnerability #poc #java #deserialization #snakeyaml #yaml