Vulnerabilities > CVE-2022-28948 - Deserialization of Untrusted Data vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
yaml-project
netapp
CWE-502
NVD
Published: 2022-05-19
Updated: 2022-10-28

Summary

An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.

Vulnerable Configurations

Part Description Count
Application
Yaml_Project
1
Application
Netapp
1

Common Weakness Enumeration (CWE)

References