Show filters
25 Total Results
Displaying 1-10 of 25
Sort by:
Attacker Value
Low

CVE-2022-1471

Disclosure Date: December 01, 2022 (last updated February 14, 2025)
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
3
1
Attacker Value
Unknown

CVE-2023-2251

Disclosure Date: April 24, 2023 (last updated October 08, 2023)
Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-3064

Disclosure Date: December 27, 2022 (last updated October 08, 2023)
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-4235

Disclosure Date: December 27, 2022 (last updated October 08, 2023)
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
Attack Vector: LocalPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-41854

Disclosure Date: September 11, 2022 (last updated November 08, 2023)
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-38752

Disclosure Date: September 05, 2022 (last updated October 08, 2023)
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-38751

Disclosure Date: September 05, 2022 (last updated October 08, 2023)
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-38750

Disclosure Date: September 05, 2022 (last updated October 08, 2023)
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
Attack Vector: LocalPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-38749

Disclosure Date: September 05, 2022 (last updated October 08, 2023)
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-25857

Disclosure Date: August 30, 2022 (last updated October 08, 2023)
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
View More Topics  Next >