Snakeyaml Project

Snakeyaml

8 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2022-1471

Warning Exploit
  • EPSS 93.85%
  • Published 01.12.2022 11:15:10
  • Last modified 18.06.2025 09:15:47

SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsin...

6.5

CVE-2022-41854

Exploit
  • EPSS 0.1%
  • Published 11.11.2022 13:15:11
  • Last modified 21.11.2024 07:23:56

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect m...

6.5

CVE-2022-38749

  • EPSS 0.52%
  • Published 05.09.2022 10:15:09
  • Last modified 21.11.2024 07:17:01

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.

5.5

CVE-2022-38750

Exploit
  • EPSS 0.08%
  • Published 05.09.2022 10:15:09
  • Last modified 21.11.2024 07:17:01

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.

6.5

CVE-2022-38751

  • EPSS 0.15%
  • Published 05.09.2022 10:15:09
  • Last modified 21.11.2024 07:17:01

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.

6.5

CVE-2022-38752

  • EPSS 0.16%
  • Published 05.09.2022 10:15:09
  • Last modified 21.11.2024 07:17:01

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.

7.5

CVE-2022-25857

Exploit
  • EPSS 0.32%
  • Published 30.08.2022 05:15:07
  • Last modified 21.11.2024 06:53:07

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.

7.5

CVE-2017-18640

Exploit
  • EPSS 2.17%
  • Published 12.12.2019 03:15:10
  • Last modified 21.11.2024 03:20:32

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.