Vulnerabilities > Snakeyaml Project > Snakeyaml > 1.31
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-01 | CVE-2022-1471 | Deserialization of Untrusted Data vulnerability in Snakeyaml Project Snakeyaml. SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. | 9.8 |
2022-11-11 | CVE-2022-41854 | Out-of-bounds Write vulnerability in multiple products. Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). | 6.5 |
2022-09-05 | CVE-2022-38752 | Out-of-bounds Write vulnerability in Snakeyaml Project Snakeyaml. Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). | 6.5 |