Skip to content

Commit c6bcda4

Browse files
committed
1 parent c1d861f commit c6bcda4

1 file changed

Lines changed: 2 additions & 2 deletions

File tree

advisories/github-reviewed/2026/06/GHSA-c8q4-9h32-2ww8/GHSA-c8q4-9h32-2ww8.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,12 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-c8q4-9h32-2ww8",
4-
"modified": "2026-06-22T20:43:37Z",
4+
"modified": "2026-06-22T20:43:39Z",
55
"published": "2026-06-22T20:43:37Z",
66
"aliases": [
77
"CVE-2026-44795"
88
],
9-
"summary": "Spinnaker has uon-safe yaml deserialization, allowing RCE when using specific types",
9+
"summary": "Spinnaker has unsafe yaml deserialization, allowing RCE when using specific types",
1010
"details": "### Impact\nThere's an unsafe YAML processing vulnerability that bypasses safe deserialization. This impacts users when when performing:\n* CloudFormation deployments\n* CloudFoundry Baking\n\nThe usage of a non-safe constructor use allows arbitrary loading of Java classes leading to RCE.\n\n### Patches\n 2025.3.3, 2026.0.3 and 2025.4.4.\n\n### Workarounds\nDisable the CloudFormation system and cloudfoundry baking operations.\n\n### Resources\nJoin Spinnaker on Slack for more information!",
1111
"severity": [
1212
{

0 commit comments

Comments
 (0)