What the vulnerability does

01Description

nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization.

Key dates

02Disclosure timeline

March 7, 2024 CVE published
August 12, 2024 Record updated