Vulnerabilities > Snakeyaml Project

DATE CVE VULNERABILITY TITLE RISK
2022-12-01 CVE-2022-1471 Deserialization of Untrusted Data vulnerability in Snakeyaml Project Snakeyaml
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution.
network
low complexity
snakeyaml-project CWE-502
critical
9.8
2022-11-11 CVE-2022-41854 Out-of-bounds Write vulnerability in multiple products
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS).
network
low complexity
snakeyaml-project fedoraproject CWE-787
6.5
2022-09-05 CVE-2022-38749 Out-of-bounds Write vulnerability in multiple products
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS).
network
low complexity
snakeyaml-project debian CWE-787
6.5
2022-09-05 CVE-2022-38750 Out-of-bounds Write vulnerability in multiple products
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS).
local
low complexity
snakeyaml-project debian CWE-787
5.5
2022-09-05 CVE-2022-38751 Out-of-bounds Write vulnerability in multiple products
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS).
network
low complexity
snakeyaml-project debian CWE-787
6.5
2022-09-05 CVE-2022-38752 Out-of-bounds Write vulnerability in Snakeyaml Project Snakeyaml
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS).
network
low complexity
snakeyaml-project CWE-787
6.5
2022-08-30 CVE-2022-25857 XML Entity Expansion vulnerability in multiple products
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.
network
low complexity
snakeyaml-project debian CWE-776
7.5
2019-12-12 CVE-2017-18640 XML Entity Expansion vulnerability in multiple products
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
7.5