Vulnerabilities > Snakeyaml Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-01 | CVE-2022-1471 | Deserialization of Untrusted Data vulnerability in Snakeyaml Project Snakeyaml: SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. | 9.8 |
2022-11-11 | CVE-2022-41854 | Out-of-bounds Write vulnerability in multiple products: Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). | 6.5 |
2022-09-05 | CVE-2022-38749 | Out-of-bounds Write vulnerability in multiple products: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). | 6.5 |
2022-09-05 | CVE-2022-38750 | Out-of-bounds Write vulnerability in multiple products: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). | 5.5 |
2022-09-05 | CVE-2022-38751 | Out-of-bounds Write vulnerability in multiple products: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). | 6.5 |
2022-09-05 | CVE-2022-38752 | Out-of-bounds Write vulnerability in Snakeyaml Project Snakeyaml: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). | 6.5 |
2022-08-30 | CVE-2022-25857 | XML Entity Expansion vulnerability in multiple products: The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to missing nested depth limitation for collections. | 7.5 |
2019-12-12 | CVE-2017-18640 | XML Entity Expansion vulnerability in multiple products: The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564. | 7.5 |